> Now, from whatever I know about the public key cryptography, it is not
> possible to generate private key from the public key and vice versa. Both
> the keys can only be generated together through some algorithm.

That depends on the algorithm and your precise definition of "private key".
There is no reason what you are calling the private key together with the
public key could not also be referred to as the "private key".

> And there is no fundamental difference between the two keys. Any key from the
> pair can be designated as a public key and the counterpart as the private key.

That may be true for some algorithms, but it is not a general property of
asymmetric cryptography.

> So what is happening here is that we are generating public key from the
> private key in command no (2). (Remember, public key is stored in
> domainname.csr). So if that is the case, then we can also generate private
> key given a public key.
>
> This is bizarre. Obviously I am missing something here. My only guess is
> that the file domainname.key as generated by command (1) stores BOTH public
> and private keys. That will make the whole game logical. Of course openssl
> documentation doesn't say so. So can somebody please explain the logic
> behind these commands. Or at least can somebody please confirm my
> observation?

The file stores a structure from which the private key can be extracted. If
you choose not to call that the "private key" for some reason, you are
welcome to do so. But nothing in the ordinary usage of those terms prevents
a structure from which the public key can be extracted from being called the
"private key".

An RSA private key structure, for example, will typically contain the
modulus, public exponent, private exponent, prime1, prime2, exponent1,
exponent2, and coefficient. An RSA public key contains the modulus and
public exponent. It should be clear that the public key is thus a subset of
the private key.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
