Mostly crossdupe https://stackoverflow.com/questions/20065304/differences-between-begin-rsa-private-key-and-begin-private-key
In reasonably recent versions of OpenSSL there is no difference in the key generation done by default, as you used. In 1.0.0 (in 2010) `genrsa` defaulted to 512 bits while `genpkey` defaulted to 1024 bits, and of course in 0.9.x `genpkey` didn't exist. Across all versions which have both commands there are differences in the other options you can add, some of which alter key generation.
The output formats are different, but contain effectively the same information and can be converted easily and losslessly. As in the Q linked above:
PEM type `[BEGIN/END] RSA PRIVATE KEY` is OpenSSL's 'traditional' or 'legacy' format, whose contents are defined by PKCS1v2.0 = RFC2437 section 11.1.2 (moved to Appendix C in later versions, but v2.0 is close to when SSLeay used it, which later became OpenSSL). In PEM (but not DER), there is also an encrypted traditional/PKCS1 form using the same label but adding header lines for `Proc-Type` and `DEK-Info`.
PEM type `[BEGIN/END] PRIVATE KEY` is defined by RFC7468 section 10 with contents defined by PKCS8 = RFC5208 section 5, which was added to OpenSSL about 1999 but described as 'new' until about 2015. The PKCS8 format handles multiple cryptographic algorithms (not just RSA) by containing an 'AlgorithmIdentifier' (a specific ASN.1 syntax borrowed from X.509/PKIX = RFC5280 sections 4.1.1.2, 4.1.2.3, 4.1.2.7) plus wrapped algorithm-specific data, which for RSA is the same PKCS1 structure above. There is also an encrypted PKCS8 form with PEM type `[BEGIN/END] ENCRYPTED PRIVATE KEY` -- see the sections in RFC7468 and RFC5208 just after the links above. This encrypted form is also supported in DER, but that is not relevant to your Q.
Traditional format can be converted to unencrypted PKCS8 by

    openssl pkey -in old -out new                   # in 1.0.0 up
    openssl pkcs8 -topk8 -nocrypt -in old -out new  # in all versions

and PKCS8 format can be converted to unencrypted PKCS1 by

    openssl rsa -in new -out old

There are also conversions to the encrypted forms, which `genrsa` and `genpkey` can also produce but do not do so by default.
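To make the "PKCS8 is PKCS1 plus a wrapper" point concrete, here is an added example (not from the answer above, and not OpenSSL code) that hand-encodes the two DER structures with a minimal encoder: the RFC 2437 `RSAPrivateKey` sequence, and the RFC 5208 `PrivateKeyInfo` that wraps the identical bytes behind an `rsaEncryption` AlgorithmIdentifier. The key parameters are the constructed textbook values p=61, q=53 (useless as a real key, chosen only to keep the bytes readable); the DER helper names are my own.

```python
import base64

# Minimal DER helpers (added here; not OpenSSL's implementation).
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_int(v):
    b = v.to_bytes((v.bit_length() + 8) // 8, "big")  # extra byte keeps high bit clear
    return b"\x02" + der_len(len(b)) + b

def der_seq(*parts):
    body = b"".join(parts)
    return b"\x30" + der_len(len(body)) + body

def der_read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def pkcs1_rsa_private_key(n, e, d, p, q):
    """RFC 2437 11.1.2 RSAPrivateKey: version 0, then n, e, d, p, q and the CRT values."""
    dp, dq, qinv = d % (p - 1), d % (q - 1), pow(q, -1, p)
    return der_seq(*(der_int(x) for x in (0, n, e, d, p, q, dp, dq, qinv)))

RSA_OID = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"  # 1.2.840.113549.1.1.1 rsaEncryption

def pkcs8_wrap(pkcs1_der):
    """RFC 5208 PrivateKeyInfo: version 0, AlgorithmIdentifier{rsaEncryption, NULL}, OCTET STRING."""
    alg = der_seq(RSA_OID, b"\x05\x00")
    return der_seq(der_int(0), alg, b"\x04" + der_len(len(pkcs1_der)) + pkcs1_der)

def pkcs8_unwrap(pkcs8_der):
    """Recover the PKCS1 bytes; refuses anything whose AlgorithmIdentifier is not rsaEncryption."""
    tag, body, _ = der_read(pkcs8_der, 0)
    _, _version, pos = der_read(body, 0)
    atag, alg, pos = der_read(body, pos)
    if tag != 0x30 or atag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("not an unencrypted PKCS8 RSA key")
    otag, pkcs1, _ = der_read(body, pos)
    if otag != 0x04:
        raise ValueError("missing privateKey OCTET STRING")
    return pkcs1

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

# Constructed toy key; the structure, not the size, is the point.
PKCS1 = pkcs1_rsa_private_key(n=3233, e=17, d=2753, p=61, q=53)
PKCS8 = pkcs8_wrap(PKCS1)

if __name__ == "__main__":
    print(pem("RSA PRIVATE KEY", PKCS1))   # traditional/legacy label
    print(pem("PRIVATE KEY", PKCS8))       # PKCS8 label, same key inside
```

The PKCS8 blob ends with the PKCS1 blob byte for byte, which is why `openssl pkcs8 -topk8 -nocrypt` and `openssl rsa` can convert between the two without losing anything.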