'Create PKCS#1 formatted RSA key using OpenSSL v3.0.0

I wanted to confirm if we can create PKCS#1/traditional formatted RSA keys using version 3.0.0 of OpenSSL. I guess following command is giving me the output in PKCS#8 format. openssl genrsa -out server.key 2048

Thanks.



Solution 1:[1]

You can do this directly(PKCS#8):

openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
cat rsakey.pem 
-----BEGIN PRIVATE KEY-----
base64_encode xxx
-----END PRIVATE KEY-----

openSSL 1.1.1(PKCS#1)

openssl genrsa -out server.key 2048

cat server.key 

-----BEGIN RSA PRIVATE KEY-----
base64_encode xxx
-----END RSA PRIVATE KEY-----

openssl pkcs8 to pkcs1 command

openssl rsa -in rsakey.pem -out rsakey_pkcs1.pem
cat rsakey_pkcs1.pem
-----BEGIN RSA PRIVATE KEY-----
base64_encode xxx
-----END RSA PRIVATE KEY-----

Solution 2:[2]

There is an issue with openssl 3.0 which cannot convert PKCS #8 private keys into PKCS #1 keys, at least on Ubuntu. The issue may come from the upstream project.

Solution 3:[3]

Using OpenSSL 3.0, you can use the -traditional switch to get the older format for your output, both for the openssl rsa and openssl genrsa subcommands. Tested on Ubuntu 22.04.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 he shouyong
Solution 2 jean-christophe manciot
Solution 3 Simon Chopin