build environment
openssl version
OpenSSL 1.1.1q
Generate PKCS #1 private key
openssl genrsa -out private#1.pem
PKCS#1 generated by default
-----BEGIN RSA PRIVATE KEY-----
密钥内容
-----END RSA PRIVATE KEY-----
Generate PKCS#8 private key
openssl pkcs8 -topk8 -inform PEM -in private#1.pem -outform PEM -nocrypt -out private#8.pem
Use the generated PKCS #1 private key to generate a PKCS #8 private key through the command
-----BEGIN PRIVATE KEY-----
密钥内容
-----END PRIVATE KEY-----
The obvious difference between PKCS#8 and PKCS#1 is that the RSA logo in BEGIN and END is removed, and the comparison content is not the same. If you want to see the specific structural difference, you can use the ASN1 online analysis tool to paste the key . Through decoding, it can be seen that there are obvious differences in the structure of the two.
Generate PKCS#8 public key
openssl rsa -in private#1.pem -pubout -out public#8.pem
The content is as follows
-----BEGIN PUBLIC KEY-----
密钥内容
-----END PUBLIC KEY-----
Careful friends may find that the generated public key is generated by the PKCS #1 private key. Will the result obtained in this way be a PKCS #8 public key? You can see from the generated results that the obtained is indeed a PKCS #8 public key (because there is no RSA logo). But is it consistent with the result generated by PKCS #8 private key ? The results are consistent, if you don't believe it, you can try it.
openssl rsa -in private#8.pem -pubout -out public#8_2.pem
Is it okay if you want a PKCS #1 public key, of course
Generate PKCS#1 public key from PKCS#8 public key
openssl rsa -pubin -in public#8.pem -RSAPublicKey_out -out public#1.pem
If the generated public key is PKCS#1 by default, can you generate a PKCS#8 public key, of course
Generate PKCS#8 public key from PKCS#1 public key
openssl rsa -in public#1.pem -pubout -RSAPublicKey_in -out public#8.pem
Summarize
OpenSSL 1.1.1q (should be all 1.1.x versions, but not tested others) generates PKCS#1 private key by default. If PKCS#8 private key needs to be converted, the default generated is PKCS#8 public key. If necessary PKCS#1 public key, which needs to be converted.