Re: Openssl generating 1024 bit keys when default_bits is set to 4096 bit
Ralf Skyper Kaiser wrote:
> OpenSSL 1.0.1e 11 Feb 2013
> $ grep bits openssl.cnf
> default_bits = 4096
> => Note that the default_bits are set to 4096.
> $ openssl req -config openssl.cnf -nodes -newkey rsa -keyout testkey.pem -keyform PEM -out testreq.pem -outform PEM
> Generating a 4096 bit RSA private key
> writing new private key to 'testkey.pem'
> => Note that OpenSSL tells us that it is generating a 4096-bit key.
> $ openssl rsa -text <testkey.pem | less | grep Key
> Private-Key: (1024 bit)
> => ...but openssl generated a 1024 bit key instead.
> (The workaround is to force openssl with -newkey rsa:4096.)
> Two concerns:
> 1. OpenSSL should create a 4096-bit key if the default setting is 4096.
> 2. OpenSSL should not show that a 4096-bit key is generated and then
> generate something much weaker.
the output of the command you gave is indeed confusing, but if you use