OpenSSL pkcs8 default format gives RSA PRIVATE KEY
I'm running this command on my PC (OpenSSL version: 1.0.1):
openssl pkcs8 -inform DER -in file.key -passin pass:12345678a -outform PEM -out key.pem
and I got this key.pem:
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANCFPVXwO+6qQdOs
...
wVauPfh0cGEf1Kc=
-----END PRIVATE KEY-----
But when I run the same command from my server (OpenSSL version: 0.9.8e-fips-rhel5), I get this output:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDQhT1V8DvuqkHTrMPFUUAXUl0ihDGoiD86SqK8Z3n19yp1VrJf
...
zHY0343VXnpM2opKwG2E1zgfHfbcLMFWrj34dHBhH9Sn
-----END RSA PRIVATE KEY-----
The Base64 inside is different, and so are the headers:
-----BEGIN PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
The first one works for me. How could I get the -----BEGIN PRIVATE KEY----- output on the 0.9.8 version?
I found this in the OpenSSL patch notes:
Change default private key format to PKCS#8.
So that could be the main issue. I hope someone can help me with this; I can't find a way to get the private key other than the BEGIN RSA PRIVATE KEY one.
Thanks
Solution 1:
Do openssl pkcs8 -topk8 to convert a private key from traditional format to PKCS#8 format.
This format
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
is referred to as "SSLeay format" or "traditional format" for private keys.
I'm not sure which format your key is in, so I'll demonstrate the idea with a private key generated by genrsa.
When you do genrsa in OpenSSL 0.9.8x, the generated key is in traditional format. That is, after
openssl genrsa -out file.key 1024
you'll get an RSA key in traditional format:
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC3TyaSzsJO92/Ahq5rxRI1T0JSC0iF...
-----END RSA PRIVATE KEY-----
Then do pkcs8 with -topk8 to convert this key from traditional format to PKCS#8 format.
openssl pkcs8 -topk8 -inform pem -in file.key -outform pem -nocrypt -out file.pem
Here's what you'll get:
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BA...
-----END PRIVATE KEY-----
All of the above is done with OpenSSL 0.9.8x. It shows you how to generate a PKCS#8 format key from a traditional format key. On the other hand, you can always run this on OpenSSL 1.0.1 to make the key compatible with the older version:
openssl rsa -in file.pem -text > key.pem
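Added example, not part of the original answer: a Python sketch of what -topk8 -nocrypt does at the DER level, showing why the two Base64 bodies in the question differ even though they hold the same key. It uses the first PEM line of each key quoted in the question. The function names are hypothetical, and the zero padding in constructed_pkcs1() is constructed filler, not real key material.

```python
import base64

# First PEM body lines quoted in the question (truncated on the page).
PAGE_PKCS8_LINE = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANCFPVXwO+6qQdOs"
PAGE_PKCS1_LINE = "MIICXQIBAAKBgQDQhT1V8DvuqkHTrMPFUUAXUl0ihDGoiD86SqK8Z3n19yp1VrJf"

VERSION_0 = bytes.fromhex("020100")  # INTEGER 0
# AlgorithmIdentifier { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def pkcs1_to_pkcs8(pkcs1_der):
    """Wrap an RSAPrivateKey in an unencrypted PrivateKeyInfo (-topk8 -nocrypt)."""
    return der_tlv(0x30, VERSION_0 + RSA_ALG_ID + der_tlv(0x04, pkcs1_der))

def classify(der):
    """Return the PEM label that matches the first bytes of a DER private key."""
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # skip outer tag + length
    if der[i] == 0x30:  # EncryptedPrivateKeyInfo starts with AlgorithmIdentifier
        return "ENCRYPTED PRIVATE KEY"
    if der[i] != 0x02:
        raise ValueError("expected version INTEGER")
    i += 2 + der[i + 1]  # skip the version INTEGER
    if der[i] == 0x02:  # next field is the modulus: traditional (PKCS#1)
        return "RSA PRIVATE KEY"
    if der[i] == 0x30:  # next field is AlgorithmIdentifier: PKCS#8
        return "PRIVATE KEY"
    raise ValueError("unrecognised private key structure")

def constructed_pkcs1():
    """Page's first 48 PKCS#1 bytes, zero-padded to the 609 bytes the header declares."""
    head = base64.b64decode(PAGE_PKCS1_LINE)
    return head + bytes(609 - len(head))

if __name__ == "__main__":
    wrapped = pkcs1_to_pkcs8(constructed_pkcs1())
    print(classify(constructed_pkcs1()), "->", classify(wrapped))
    print(base64.b64encode(wrapped[:48]).decode())
```

The second printed line reproduces the first Base64 line of the question's BEGIN PRIVATE KEY output: the PKCS#8 file is the traditional key inside a 26-byte wrapper that names the algorithm.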