How do I get openssl 3 to generate the right kind of RSA pem file?

Question

Background

With openssl version 1.1.1n, I used to use

openssl genrsa -out myFile.pem

and my key file would look like this:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Problem

However, I recently updated to Ubuntu 22.04 and now I have openssl version 3.0.2. Now when I run that command, the output file looks like this:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

Notice that the "RSA" is missing. My application now says "unsupported key format" because of this.

What I Tried

I tried using

openssl genpkey -algorithm RSA -out myFile.pem

because the docs for genrsa say it's deprecated and recommend using genpkey instead. But this gave the same results (the file is missing the "RSA" part).

Question

How can I properly generate an RSA key using openssl that matches the old format?

Answer 1

Solution

You can use

openssl genrsa -out myFile.pem -traditional

to get the right file format.

Alternative

For a more backwards compatible command, you can use ssh-keygen instead:

ssh-keygen -t rsa -m PEM -f myFile.pem -N "" <<< y

The <<< y part will answer the "do you want to overwrite the existing file" interactive prompt.

Side Note

The normal output of ssh-keygen (which is an "OpenSSH private key") is actually supported by my application, so the -m PEM was not necessary in my case.