<div dir="ltr"><div><div><div><div>Tx.<br></div>So, what should be the command line to use in order to obtain the same key?<br></div>openssl genrsa ....<br></div>openssl req -nodes -newkey rsa:2048 some_extra_parameters ....<br></div>Michele MAsè<div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <span dir="ltr"><<a href="mailto:bkaduk@akamai.com" target="_blank">bkaduk@akamai.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
On 07/26/2017 10:13 AM, Michele Mase' wrote:<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>During the generation of x509
certificates, both commands give the
same results:<br>
<br>
</div>
</div>
Command "a": openssl req -nodes -newkey
rsa:2048 -keyout example.key -out
example.csr -subj
"/C=GB/ST=London/L=London/O=<wbr>Global
Security/OU=IT Department/CN=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__example.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=SvmGwnxF6Arf5U_XmN1vPPpie6IFH3h5CkVhveCn26I&s=AMT2W-m9xgiUsKMETv-WcWALqfQnX1rujJdNTJsVz1E&e=" target="_blank">example.com</a>"<br>
Command "b": openssl genrsa -out example.key<br>
<br>
</div>
Both commands give me a private key without
password, a key that is not encrypted.<br>
</div>
To remove the passphrase from private key, I use
the <br>
Command "c":openssl rsa -in example.key -out
example2.key<br>
</div>
<br>
</div>
The command "c" against the example.key generated by
command "a", gives the same private key with
different content between --BEGIN RSA and --END RSA.
Simply, try the following:<br>
</div>
diff example.key example2.key, the files are
different.<br>
<br>
</div>
The command "c" against example.key generate by the
command "b" produces the same file. No differences.<br>
<br>
</div>
Why?<br>
</div>
<div>Perhaps I missed something in openssl manual ... :(<br>
</div>
These differenced gave me troubles using custom certificates
in some software.<br>
</div>
Any suggestion?<br>
</div>
</div>
</blockquote>
<br></span>
The output from openssl req includes an additional layer of encoding
and the rsaEncryption OID around the actual key parameters, as can
be seen using openssl asn1parse. The conversion with 'openssl rsa'
removes that extra encoding.<br>
<br>
-Ben<br>
</div>
</blockquote></div><br></div></div>