[openssl-users] private key difference: openssl genrsa vs opnessl req newkey

Michele Mase' michele.mase at gmail.com
Wed Jul 26 15:13:20 UTC 2017


During the generation of x509 certificates, both commands give the same
results:

Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out
example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT
Department/CN=example.com"
Command "b": openssl genrsa -out example.key

Both commands give me a private key without password, a key that is not
encrypted.
To remove the passphrase from private key, I use the
Command "c":openssl rsa -in example.key -out example2.key

The command "c" against the example.key generated by command "a", gives the
same private key with different content between --BEGIN RSA and --END RSA.
Simply, try the following:
diff example.key example2.key, the files are different.

The command "c" against example.key generate by the command "b" produces
the same file. No differences.

Why?
Perhaps I missed something in openssl manual ... :(
These differenced gave me troubles using custom certificates in some
software.
Any suggestion?
Regards
Michele MAsè
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170726/37e4a963/attachment-0001.html>


More information about the openssl-users mailing list