Re: private key difference: openssl genrsa vs opnessl req newkey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Anyone?

On Wed, Jul 26, 2017 at 9:21 PM, Michele Mase' <michele.mase@xxxxxxxxx> wrote:
Tx.
So, what should be the command line to use in order to obtain the same key?
openssl genrsa ....
openssl req -nodes -newkey rsa:2048 some_extra_parameters ....
Michele MAsè

On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <bkaduk@xxxxxxxxxx> wrote:
On 07/26/2017 10:13 AM, Michele Mase' wrote:
During the generation of x509 certificates, both commands give the same results:

Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
Command "b": openssl genrsa -out example.key

Both commands give me a private key without password, a key that is not encrypted.
To remove the passphrase from private key, I use the
Command "c":openssl rsa -in example.key -out example2.key

The command "c" against the example.key generated by command "a", gives the same private key with different content between --BEGIN RSA and --END RSA. Simply, try the following:
diff example.key example2.key, the files are different.

The command "c" against example.key generate by the command "b" produces the same file. No differences.

Why?
Perhaps I missed something in openssl manual ... :(
These differenced gave me troubles using custom certificates in some software.
Any suggestion?

The output from openssl req includes an additional layer of encoding and the rsaEncryption OID around the actual key parameters, as can be seen using openssl asn1parse.  The conversion with 'openssl rsa' removes that extra encoding.

-Ben


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux