0

It seems that both of the following commands (openssl from LibreSSL) produce private keys. Is there a difference between them? If not, why are there two ways to generate the private keys? Thanks.

```
openssl genrsa -out key.pem 1024
openssl genpkey -algorithm rsa -out privkey.pem -pkeyopt rsa_keygen_bits:1024
```
user1424739

1 Answer

1

Both ways create RSA keys, albeit in different formats. genrsa outputs an RSA key in PKCS#1 format while genpkey outputs a more generic container which can manage different kinds of keys (like ECC). See Differences between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY” for more on this.

Note that the documentation for genpkey explicitly states that this tool should be used instead of the algorithm-specific genrsa:

> The use of the genpkey program is encouraged over the algorithm specific utilities because additional algorithm options and ENGINE provided algorithms can be used.

Steffen Ullrich
  • Would you please elaborate what the algorithm specific utilities are besides `genrsa`? The manpage does not explain this explicitly (I think it should. At least I don't know what it specifically refers to.) – user1424739 Dec 25 '20 at 16:56
  • @user1424739: another algorithm specific tool would be `gendsa`. – Steffen Ullrich Dec 25 '20 at 18:30
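
The format difference described in the answer can be checked on the DER bytes themselves rather than on the PEM label. The following is an added example, not part of the original answer or of OpenSSL/LibreSSL: the function names (`read_tlv`, `classify`, `tlv`, `to_pem`) are hypothetical, the sample keys are constructed with toy integers, and unencrypted key files are assumed.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def classify(pem_text):
    """Identify an unencrypted private key by its DER structure, not its PEM label."""
    lines = pem_text.strip().splitlines()
    der = base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))
    tag, outer, _ = read_tlv(der)
    first_tag, _, pos = read_tlv(outer)        # both formats start with a version INTEGER
    if tag != 0x30 or first_tag != 0x02:
        raise ValueError("not an unencrypted PKCS#1/PKCS#8 private key")
    second_tag, alg, pos = read_tlv(outer, pos)
    if second_tag == 0x02:                     # INTEGER here is the RSA modulus
        return "PKCS#1 RSAPrivateKey"
    if second_tag != 0x30:                     # PKCS#8 needs an AlgorithmIdentifier here
        raise ValueError("unexpected second field")
    _, oid, _ = read_tlv(alg)
    _, inner, _ = read_tlv(outer, pos)         # OCTET STRING holding the actual key
    if oid == RSA_OID and read_tlv(inner)[0] == 0x30:
        return "PKCS#8 PrivateKeyInfo wrapping PKCS#1 RSAPrivateKey"
    return "PKCS#8 PrivateKeyInfo (non-RSA algorithm)"

def tlv(tag, value):
    """Encode a short DER element; only used to build the constructed samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: valid DER layout with toy integers, not usable keys.
PKCS1 = tlv(0x30, b"".join(tlv(0x02, bytes([v])) for v in (0, 77, 3, 5, 7, 11, 1, 1, 2)))
ALG = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + ALG + tlv(0x04, PKCS1))

if __name__ == "__main__":
    print(classify(to_pem("RSA PRIVATE KEY", PKCS1)))
    print(classify(to_pem("PRIVATE KEY", PKCS8)))
```

The PKCS#8 sample carries the same PKCS#1 bytes inside its OCTET STRING, which is why converting between the two formats does not change the key material.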