Tx. So, what should be the command line to use in order to obtain the same key? openssl genrsa .... openssl req -nodes -newkey rsa:2048 some_extra_parameters .... Michele MAsè
On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > On 07/26/2017 10:13 AM, Michele Mase' wrote: > > During the generation of x509 certificates, both commands give the same > results: > > Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out > example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT > Department/CN=example.com > <https://urldefense.proofpoint.com/v2/url?u=http-3A__example.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=SvmGwnxF6Arf5U_XmN1vPPpie6IFH3h5CkVhveCn26I&s=AMT2W-m9xgiUsKMETv-WcWALqfQnX1rujJdNTJsVz1E&e=> > " > Command "b": openssl genrsa -out example.key > > Both commands give me a private key without password, a key that is not > encrypted. > To remove the passphrase from private key, I use the > Command "c":openssl rsa -in example.key -out example2.key > > The command "c" against the example.key generated by command "a", gives > the same private key with different content between --BEGIN RSA and --END > RSA. Simply, try the following: > diff example.key example2.key, the files are different. > > The command "c" against example.key generate by the command "b" produces > the same file. No differences. > > Why? > Perhaps I missed something in openssl manual ... :( > These differenced gave me troubles using custom certificates in some > software. > Any suggestion? > > > The output from openssl req includes an additional layer of encoding and > the rsaEncryption OID around the actual key parameters, as can be seen > using openssl asn1parse. The conversion with 'openssl rsa' removes that > extra encoding. > > -Ben >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users