BEGIN RSA PRIVATE KEY
It's PKCS#1, which is just an RSA key. It's essentially just a key object in PKCS#8, but without a version or algorithm identifier in front. BEGIN PRIVATE KEY
is PKCS#8, indicating that the key type is contained in the key data itself. From the link:
Unencrypted PKCS#8 encoded data begins and ends with tags:
-----BEGIN PRIVATE KEY----- BASE64 ENCODED DATA -----END PRIVATE KEY-----
In the base64 encoded data, the following DER structure exists:
PrivateKeyInfo ::= SEQUENCE { version Version, algorithm AlgorithmIdentifier, PrivateKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
So for an RSA private key, the OID is 1.2.840.113549.1.1.1 and there is an RSAPrivateKey as the PrivateKey key data bitstring.
In contrast BEGIN RSA PRIVATE KEY
, it always specifies an RSA key and therefore does not contain the key type OID. BEGIN RSA PRIVATE KEY
is PKCS#1
:
RSA private key file (PKCS#1)
RSA private key PEM files are specific to RSA keys.
It starts and ends with tags:
-----BEGIN RSA PRIVATE KEY----- BASE64 ENCODED DATA -----END RSA PRIVATE KEY-----
In the base64 encoded data, the following DER structure exists:
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }