Thanks Dave for the clarifications. Regards, Sanjaya On Thu, Jun 6, 2013 at 2:11 AM, Dave Thompson <dthomp...@prinpay.com> wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of sanjaya joshi > >Sent: Wednesday, 05 June, 2013 01:27 > > >I have few queries wrt the RSA private key generation and writing > >using openssl. Could anybody please clearify. > > >(1). Has the behavior of api PEM_write_PrivateKey() has been changed > >between openssl 0.9.8 and 1.0.0 ? > >(2). The above api uses PKCS#8 encoding (while writing) by default in > >1.0.0, but uses PKCS#1 in 0.9.8. Is this correct ? > > Yes. More exactly, since 0.9.8 there have been and still are: > - PEM_write[_bio]_x routines for algorithm-specific forms > (RSAPrivateKey, DSAPrivateKey, ECPrivateKey); for RSA this is PKCS#1 > - routine(s) for PKCS8PrivateKey which does PKCS#8 > > There is also a "generic" routine PrivateKey which in 0.9.8 dispatched > to the algorithm-specific routines but >=1.0.0 just uses PKCS#8. > > Note the PEM_read_ routines (all, I think) accept either form, > distinguished by tag in the BEGIN line. > > This explains the difference you note elsethread in commandline pkcs8. > pkcs8 'import' (not -topk8, outformat PEM) uses PEM_write_PrivateKey. > > >(3). But while generating RSA key using openssl command, no change > >in the behavior, in both the versions. Is this correct ? > > Commandline genrsa uses write_bio_RSAPrivateKey which is PKCS#1. > genpkey for any supported algorithm including RSA writes PKCS#8. > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
