17

From OpenSSL 1.0 change log:

Make PKCS#8 the default write format for private keys, replacing the traditional format. This form is standardised, more secure and doesn't include an implicit MD5 dependency. [Steve Henson]

However, I need the private key file in the previous, traditional format. Is it possible to convert the pem file from PKCS#8 to the traditional format (using OpenSSL.exe app)?

Thank you very much!

jww
  • 90,984
  • 81
  • 374
  • 818
rkellerm
  • 5,082
  • 8
  • 53
  • 91

2 Answers2

29

Succeeded to solve that in that way - the request:

openssl req -configconfigfile.cfg -newkey rsa:2048 -keyout newkey.pem -out newreq.pem 365

Then, I converted it to RSA format:

openssl rsa -in newkey.pem -out newkey.pem

Hope that it will help someone.

rkellerm
  • 5,082
  • 8
  • 53
  • 91
  • 3
    If someone is looking to reverse convert it from traditional to pkcs8 format: `openssl pkcs8 -topk8 -inform pem -in file.key -outform pem -nocrypt -out file.pem` – subtleseeker Jan 07 '21 at 11:19
3
  1. rsa private key

To convert from PKCS#1 to PKCS#8:

openssl pkcs8 -topk8 -inform pem -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem

To convert from PKCS#8 to PKCS#1:

openssl rsa -in private_pkcs8.pem -out private_pkcs1.pem

  1. rsa public key

To convert from PKCS#8 to PKCS#1:

openssl rsa -pubin -in public_pkcs8.pem -RSAPublicKey_out -out public_pkcs1.pem

To convert from PKCS#1 to PKCS#8:

openssl rsa -RSAPublicKey_in -in public_pkcs1.pem -pubout -out public_pkcs8.pem

Donghua Liu
  • 1,198
  • 2
  • 12
  • 25