[openssl-users] Not getting "RSA" keyword for a key in fips mode

Dr. Stephen Henson steve at openssl.org
Thu Jun 11 13:57:47 UTC 2015

On Thu, Jun 11, 2015, Gayathri Manoj wrote:

> Hi All,
> I am trying to create a pem format key for my existing key by using the
> below command.
> openssl rsa -in my_rsa_key -outform PEM -out  my_res_newkey_pem
> The new key format is  -----BEGIN PRIVATE KEY-----.
> But I am expecting -----BEGIN RSA PRIVATE KEY-----
> In nonFIPS mode i am getting -----BEGIN RSA PRIVATE KEY----- as expected.
> My openssl version is OpenSSL 0.9.8zf-fips.
> Please let me know how can I generate the new key  in BEGIN RSA PRIVATE KEY
> format.

You can't because the format isn't allowed in FIPS mode because it uses
MD5 for key derivation.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list