'Create PKCS#1 formatted RSA key using OpenSSL v3.0.0
I wanted to confirm if we can create PKCS#1/traditional formatted RSA keys using version 3.0.0 of OpenSSL. I guess following command is giving me the output in PKCS#8 format. openssl genrsa -out server.key 2048
Thanks.
Solution 1:[1]
You can do this directly(PKCS#8):
openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
cat rsakey.pem
-----BEGIN PRIVATE KEY-----
base64_encode xxx
-----END PRIVATE KEY-----
openSSL 1.1.1(PKCS#1)
openssl genrsa -out server.key 2048
cat server.key
-----BEGIN RSA PRIVATE KEY-----
base64_encode xxx
-----END RSA PRIVATE KEY-----
openssl pkcs8 to pkcs1 command
openssl rsa -in rsakey.pem -out rsakey_pkcs1.pem
cat rsakey_pkcs1.pem
-----BEGIN RSA PRIVATE KEY-----
base64_encode xxx
-----END RSA PRIVATE KEY-----
Solution 2:[2]
There is an issue with openssl 3.0 which cannot convert PKCS #8 private keys into PKCS #1 keys, at least on Ubuntu. The issue may come from the upstream project.
Solution 3:[3]
Using OpenSSL 3.0, you can use the -traditional
switch to get the older format for your output, both for the openssl rsa
and openssl genrsa
subcommands. Tested on Ubuntu 22.04.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | he shouyong |
Solution 2 | jean-christophe manciot |
Solution 3 | Simon Chopin |