1

I am attempting to create a public/private key pair using ssh-keygen. I need the key to be in PKCS1 format so that it states "BEING RSA PRIVATE KEY". No matter what I try it appears to only create in PKCS8 format. Any thoughts on what the issue could be?

I am running the following command:

 ssh-keygen -m PEM -t rsa -b 2048

From my understanding specifying the -m PEM format should create it in PKCS1 format. I am expecting the header of the key to state

-----BEGIN RSA PRIVATE KEY-----

but instead it states

-----BEGIN PRIVATE KEY-----

This leads me to believe it is in PKCS8 format. Any thoughts on how to fix this? I am using openssh version 7.4p1.

Improve this question
5
  • Should you generate the keypair using OpenSSL?
    – Tero Kilkanen
    Aug 31, 2020 at 17:24
  • @TeroKilkanen when I run a "yum whatprovides ssh-keygen" is states it is provided by openssh-7.4p1-13.el7_4.x86_64
    – IT_User
    Aug 31, 2020 at 17:28
  • Yes, that is SSH. OpenSSL is the usual tool to generate RSA and other keypairs. Is there a reason not to use OpenSSL?
    – Tero Kilkanen
    Aug 31, 2020 at 17:32
  • @TeroKilkanen not that I am aware of, just how the system is setup. Should I just be able to install a compatible openssl and overwrite the ssh-keygen executable that gets called with the one provided by the openssl rpm?
    – IT_User
    Aug 31, 2020 at 17:34
  • Without further details on the surrounding system I cannot give any answers.
    – Tero Kilkanen
    Aug 31, 2020 at 17:44

2 Answers 2

Reset to default
0

Stop using the option -m PEM. Just generate the key normally.

Improve this answer
6
  • I did this and same result.
    – IT_User
    Aug 31, 2020 at 16:47
  • @Azifor Are you sure about that? Every time I do it, I get -----BEGIN RSA PRIVATE KEY-----.
    – Michael Hampton
    Aug 31, 2020 at 16:49
  • Ran this command " ssh-keygen -t rsa -b 2048 -f test3". And the header states "head -1 test3" -----BEGIN PRIVATE KEY----- Not sure how to format inside of comments but I copy/pasted those commands form the system.
    – IT_User
    Aug 31, 2020 at 16:50
  • @IT_User Are you sure you're using openssh? In any case, the key should be usable as it is. If not, you should specify what you are trying to do with it.
    – Michael Hampton
    Aug 31, 2020 at 16:52
  • Some application it expects the key to state "BEGIN RSA PRIVATE KEY" so it is not usable. They require the pkcs1 format. From what I can tell I am. I see that ssh-keygen is provided by openssh-7.4p1-13.el7_4.x86_64 (yum whatprovides)
    – IT_User
    Aug 31, 2020 at 16:54
0

Make sure your ssh-keygen supports -m and try using lowercase format value, e.g. -m pem.

For example,

$ ssh-keygen -b 2048 -t rsa -m pem -f /tmp/pem_rsa -N "" 2>/dev/null 1>/dev/null && head -n2 /tmp/pem_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA1WLQy9mF43mVJTaTJq8e/aGs5HNMxHYx2wFra5tdMfEk3Li7

$ ssh-keygen -b 2048 -t rsa -m pkcs8 -f /tmp/pkcs8_rsa -N "" 2>/dev/null 1>/dev/null && head -n2 /tmp/pkcs8_rsa
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDLX2+JYL4Rf+JT
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .