Anyone? On Wed, Jul 26, 2017 at 9:21 PM, Michele Mase' <michele.m...@gmail.com> wrote:
> Tx. > So, what should be the command line to use in order to obtain the same key? > openssl genrsa .... > openssl req -nodes -newkey rsa:2048 some_extra_parameters .... > Michele MAsè > > On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > >> On 07/26/2017 10:13 AM, Michele Mase' wrote: >> >> During the generation of x509 certificates, both commands give the same >> results: >> >> Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out >> example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT >> Department/CN=example.com >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__example.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=sssDLkeEEBWNIXmTsdpw8TZ3tAJx-Job4p1unc7rOhM&m=SvmGwnxF6Arf5U_XmN1vPPpie6IFH3h5CkVhveCn26I&s=AMT2W-m9xgiUsKMETv-WcWALqfQnX1rujJdNTJsVz1E&e=> >> " >> Command "b": openssl genrsa -out example.key >> >> Both commands give me a private key without password, a key that is not >> encrypted. >> To remove the passphrase from private key, I use the >> Command "c":openssl rsa -in example.key -out example2.key >> >> The command "c" against the example.key generated by command "a", gives >> the same private key with different content between --BEGIN RSA and --END >> RSA. Simply, try the following: >> diff example.key example2.key, the files are different. >> >> The command "c" against example.key generate by the command "b" produces >> the same file. No differences. >> >> Why? >> Perhaps I missed something in openssl manual ... :( >> These differenced gave me troubles using custom certificates in some >> software. >> Any suggestion? >> >> >> The output from openssl req includes an additional layer of encoding and >> the rsaEncryption OID around the actual key parameters, as can be seen >> using openssl asn1parse. The conversion with 'openssl rsa' removes that >> extra encoding. >> >> -Ben >> > >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users