[openssl-users] private key difference: openssl genrsa vs opnessl req newkey
michele.mase at gmail.com
Wed Jul 26 19:21:43 UTC 2017
So, what should be the command line to use in order to obtain the same key?
openssl genrsa ....
openssl req -nodes -newkey rsa:2048 some_extra_parameters ....
On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <bkaduk at akamai.com> wrote:
> On 07/26/2017 10:13 AM, Michele Mase' wrote:
> During the generation of x509 certificates, both commands give the same
> Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out
> example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT
> Command "b": openssl genrsa -out example.key
> Both commands give me a private key without password, a key that is not
> To remove the passphrase from private key, I use the
> Command "c":openssl rsa -in example.key -out example2.key
> The command "c" against the example.key generated by command "a", gives
> the same private key with different content between --BEGIN RSA and --END
> RSA. Simply, try the following:
> diff example.key example2.key, the files are different.
> The command "c" against example.key generate by the command "b" produces
> the same file. No differences.
> Perhaps I missed something in openssl manual ... :(
> These differenced gave me troubles using custom certificates in some
> Any suggestion?
> The output from openssl req includes an additional layer of encoding and
> the rsaEncryption OID around the actual key parameters, as can be seen
> using openssl asn1parse. The conversion with 'openssl rsa' removes that
> extra encoding.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users