Hi,

OpenSSL 1.0.1e 11 Feb 2013

$ grep bits openssl.cnf
default_bits = 4096

=> Note that the default_bits are set to 4096.

$ openssl req -config openssl.cnf -nodes -newkey rsa -keyout testkey.pem -keyform PEM -out testreq.pem -outform PEM
Generating a 4096 bit RSA private key
..++++++
...........................++++++
writing new private key to 'testkey.pem'

=> Note that Openssl tells us that it is generating a 4096 bit key.

$ openssl rsa -text <testkey.pem | less | grep Key
Private-Key: (1024 bit)

=> ...but openssl generated a 1024 bit key instead.
(The workaround is to force openssl with -newkey rsa:4096.)

Two concerns:

1. Openssl should create a 4096 bit key if the default setting is 4096 bit.
2. Openssl should not show that a 4096 bit key is generated and then generate something much weaker.

regards,
skyper
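The report above shows why the size openssl prints while generating a key should not be trusted on its own: the check that matters is the modulus size of the key file that was actually written. The following is an added example (not part of the original post and not OpenSSL project code) that reads `default_bits` from the config, measures the generated key with `openssl rsa -text -noout`, and fails if the two disagree. It assumes `openssl` is on PATH and that the config contains a `default_bits = N` line; the function and file names are chosen for this example.

```bash
#!/bin/sh
# Added example: verify that a key openssl wrote really has the bit length
# the config's default_bits promised, independent of what openssl printed.
# Assumptions: openssl on PATH; config has a "default_bits = N" line.

# Extract default_bits from an openssl.cnf-style file (first match wins).
config_default_bits() {
    sed -n 's/^[[:space:]]*default_bits[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Parse the "Private-Key: (N bit...)" line from `openssl rsa -text -noout`
# output read on stdin. Newer releases append ", 2 primes"; the ".*" absorbs it.
key_bits_from_text() {
    sed -n 's/^Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Compare expected vs. measured size. Returns 0 if the key is at least as
# large as expected, 1 if it is weaker, 2 if the size could not be read.
check_key_bits() {
    expected=$1
    actual=$2
    if [ -z "$actual" ]; then
        echo "could not determine key size" >&2
        return 2
    fi
    if [ "$actual" -lt "$expected" ]; then
        echo "FAIL: key is $actual bits, expected $expected" >&2
        return 1
    fi
    echo "OK: key is $actual bits (expected $expected)"
    return 0
}

# Measure the key file itself rather than trusting the generation banner.
measured_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null | key_bits_from_text
}

# End-to-end: verify_generated_key openssl.cnf testkey.pem
verify_generated_key() {
    cfg=$1
    key=$2
    expected=$(config_default_bits "$cfg")
    if [ -z "$expected" ]; then
        echo "no default_bits in $cfg" >&2
        return 2
    fi
    check_key_bits "$expected" "$(measured_key_bits "$key")"
}

# Only run when invoked with a config and a key file, so sourcing is side-effect free.
if [ $# -ge 2 ]; then
    verify_generated_key "$1" "$2"
fi
```

Run it as `sh check_key_size.sh openssl.cnf testkey.pem` after the `openssl req` step; on the output shown in the report it would print `FAIL: key is 1024 bits, expected 4096` and exit non-zero, which is the kind of post-generation check worth putting in any key-provisioning script so a silent fallback to a smaller size does not reach production.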