Skip to main content
Unix & Linux

Return to Answer

added 160 characters in body
Source Link
garethTheRed
garethTheRed
  • 35k
  • 4
  • 101
  • 106

The genpkey command can create other types of private keys - DSA, DH, EC and maybe GOST - whereas the genrsa, as it's name implies, only generates RSA keys. There are equivalent gendh and gendsa commands.

However, the OpenSSL documentation states that these gen* commands have been superseded by the generic genpkey command.

In the case of your examples, both generate RSA private keys.

openssl genrsa -out genrsa.key 2048

and

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out genpkey.key

will generate a 2048 bit RSA key with the exponent set to 65537.

Simply cat the resulting files to see that they are both PEM format private keys; although openssl rsa encloses them in BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY while openssl genpkey omits the RSA. The former is PKCS#1 format, while the latter is PKCS#8.

Running openssl rsa text -in <filename> against both shows that they are RSA private keys with the same publicExponent. The newer genpkey command has the option to change this using -pkeyopt rsa_keygen_pubexp:value while the genrsa command doesn't have this option.

The genpkey command can create other types of private keys - DSA, DH, EC and maybe GOST - whereas the genrsa, as it's name implies, only generates RSA keys. There are equivalent gendh and gendsa commands.

However, the OpenSSL documentation states that these gen* commands have been superseded by the generic genpkey command.

In the case of your examples, both generate RSA private keys.

openssl genrsa -out genrsa.key 2048

and

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out genpkey.key

will generate a 2048 bit RSA key with the exponent set to 65537.

Simply cat the resulting files to see that they are both PEM format private keys; although openssl rsa encloses them in BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY while openssl genpkey omits the RSA.

Running openssl rsa text -in <filename> against both shows that they are RSA private keys with the same publicExponent. The newer genpkey command has the option to change this using -pkeyopt rsa_keygen_pubexp:value while the genrsa command doesn't have this option.

The genpkey command can create other types of private keys - DSA, DH, EC and maybe GOST - whereas the genrsa, as it's name implies, only generates RSA keys. There are equivalent gendh and gendsa commands.

However, the OpenSSL documentation states that these gen* commands have been superseded by the generic genpkey command.

In the case of your examples, both generate RSA private keys.

openssl genrsa -out genrsa.key 2048

and

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out genpkey.key

will generate a 2048 bit RSA key with the exponent set to 65537.

Simply cat the resulting files to see that they are both PEM format private keys; although openssl rsa encloses them in BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY while openssl genpkey omits the RSA. The former is PKCS#1 format, while the latter is PKCS#8.

Running openssl rsa text -in <filename> against both shows that they are RSA private keys with the same publicExponent. The newer genpkey command has the option to change this using -pkeyopt rsa_keygen_pubexp:value while the genrsa command doesn't have this option.

Source Link
garethTheRed
garethTheRed
  • 35k
  • 4
  • 101
  • 106

The genpkey command can create other types of private keys - DSA, DH, EC and maybe GOST - whereas the genrsa, as it's name implies, only generates RSA keys. There are equivalent gendh and gendsa commands.

However, the OpenSSL documentation states that these gen* commands have been superseded by the generic genpkey command.

In the case of your examples, both generate RSA private keys.

openssl genrsa -out genrsa.key 2048

and

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out genpkey.key

will generate a 2048 bit RSA key with the exponent set to 65537.

Simply cat the resulting files to see that they are both PEM format private keys; although openssl rsa encloses them in BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY while openssl genpkey omits the RSA.

Running openssl rsa text -in <filename> against both shows that they are RSA private keys with the same publicExponent. The newer genpkey command has the option to change this using -pkeyopt rsa_keygen_pubexp:value while the genrsa command doesn't have this option.