Background I administer a product that requires private keys to be in a specific format, which is not the format given by genrsa. After pulling teeth with the "customer support" people I found out that there is a tool included with the product that generates the required private keys. Also after doing some research it appears that they are pkcs8 keys--only because of the -----BEGIN ENCRYPTED PRIVATE KEY----- containers. Openssl happily makes cert requests and certs using the pkcs8 keys generated by the other app. I want to use openssl to generate all subsequent keys, to make administration easier for the people after me since I have already set up a CA. However, if I generate an rsa key and then convert it to a pkcs8 key (using the example in the pkcs8 man page), my app can not use them. Questions Can I assume that the required keys are pkcs8? If not how can I tell what format the private key is in? Can I tell how a key is password encrypted? Can I directly generate a pkcs8 key using openssl? Any info would be helpful. Thanks. Aaron ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]