>From: owner-openssl-us...@openssl.org On Behalf Of sanjaya joshi
>Sent: Wednesday, 05 June, 2013 01:27
>I have few queries wrt the RSA private key generation and writing
>using openssl. Could anybody please clearify.
>(1). Has the behavior of api PEM_write_PrivateKey() has been changed
>between openssl 0.9.8 and 1.0.0 ?
>(2). The above api uses PKCS#8 encoding (while writing) by default in
>1.0.0, but uses PKCS#1 in 0.9.8. Is this correct ?
Yes. More exactly, since 0.9.8 there have been and still are:
- PEM_write[_bio]_x routines for algorithm-specific forms
(RSAPrivateKey, DSAPrivateKey, ECPrivateKey); for RSA this is PKCS#1
- routine(s) for PKCS8PrivateKey which does PKCS#8
There is also a "generic" routine PrivateKey which in 0.9.8 dispatched
to the algorithm-specific routines but >=1.0.0 just uses PKCS#8.
Note the PEM_read_ routines (all, I think) accept either form,
distinguished by tag in the BEGIN line.
This explains the difference you note elsethread in commandline pkcs8.
pkcs8 'import' (not -topk8, outformat PEM) uses PEM_write_PrivateKey.
>(3). But while generating RSA key using openssl command, no change
>in the behavior, in both the versions. Is this correct ?
Commandline genrsa uses write_bio_RSAPrivateKey which is PKCS#1.
genpkey for any supported algorithm including RSA writes PKCS#8.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
