I have a 2048 bits RSA privateKey.pem and I see it has already generated few 1024 bits certificate requests starting:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
I thought it was not possible to generate 1024 bits certificates from a 2048 bits private key. So I got confirmed here: sslshopper and verified that both the 2048 bits key and 1024 bits CSR have same fingerprint (hash value).
How can I in OpenSSL generate 1024 bits CSR from 2048 bits privateKey.pem ?
I have tried:
openssl req -out CSRequest.pem 1024 -key privateKey.pem -new
openssl req -config csr.cnf -out CSRequest.pem -key privateKey.pem -new
In csr.cnf file I tried:
[ req ]
# Options for the `req` tool (`man req`).
default_bits = 1024
But it still generates 2048 bits certificate requests. How can I get 1024 bits CSR from this privateKey.pem? Any help is highly appreciated.
UPDATED: Here you can see the 1024 bit CSR I want from the 2048 bit RSA Private Key below:
-----BEGIN CERTIFICATE REQUEST-----
MIIBxDCCAS0CAQAwgYMxLTArBgNVBAMTJDNDM0U4MDRELTU5QTYtNDlCRi04MkU3
LTJBMTFFMEZDMDkzNjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlDdXBlcnRpbm8xEzARBgNVBAoTCkFwcGxlIEluYy4xDzANBgNVBAsTBmlQaG9u
ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqVEaqL9/FgLcalnSRqZj6Ngl
4kJ3FqLEyBxluHr83bosAEdKg2fJBn0A1Mp2/A2h4XVt1+/qUFH9eHRY/qUiZLl4
0eyukRcHmNu0nyo9WDE68VcQ8HP82yvL+rS7kB/u1ojUVaCwTFGFyf5f+vkHlpkz
9CEjc44gfqYAswzVQzkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAGjtJwvvNqV0
7Ih8XURC+rMGdEoND4ua5UJDfnx5BX40upqPbP0iEaUfjE74n55Zem5Fs6LwDy26
TktiKKejZfK/E/3TVySElxeZltOu0cn13YdAcgPIDC4B4Akcn3pGWeFldk1k+08i
Id12Hgfb9tbdZUxisvMV7dug+mbbkkfj
-----END CERTIFICATE REQUEST-----
The 1024 bits CSR above matches the 2048 bits Private key below:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvDmH6zgXQngCAggA
MBQGCCqGSIb3DQMHBAiYfHVS67eUUgSCBMitdJuAxzNL/MmjQC9/5oECX3glXWtj
nCekkFS4rAheu4iszqmiRbRnuUFeSwV28oOyVBzK3XSBQbyxEIG82vNcPBfTImUa
7YUX2ebVXcv1WV5ZpJ4RIP1yIgX7BeBWJInFjIIOR7shjADt+368wdBpdqheafQ9
orxxpIg+v9vsbZV/ho2zEfO1lwhX6J5ErLBvpHscg0woFh7RUtcNpvkjSp/edvsC
CVhcO9I4NzVtgYPfYT5qFFQ6zqf6p+vscvZDjOMTl+awY31JEbFAXBzPq/buf5pb
x6nOxOCC8vfLTtF/EhZ6rUAmyqWWo3gqKaSL3ulzkZvByg4kmtoU2U6UhTIUeJy3
+nV87wryEgIXysPRb7znfFVO1BeGA+xw5cOF9pL4/IWlikqOpJNPShYtRzkjUUJQ
Gt104d90lVheqqW598HQpF2nLL/s7kYbiBLpFmcxEcjEi119oFRYrd5qs1CNjA5i
f3yLJqtKIDoZe7H6AJNnJeun7vJFwB0j/CrDV74omSvQVb0zXrg9Sk6VHn62O28Y
iESyNgkaQ9aLa/xBMMEtCb1nv0dlLbbbFAlrQZVRc1VEyPunNn4u1crV60LHuHo/
oagvfPQQJoiCL+pBxPsHc4OU4Iq7hhDvJ2Eo9ldhERmWZUxDEcZLpIzro4gkav8U
lGgIFdHtYl8DNVRZXeQ2NPw6qe7OTVjqnB1MbvWpbNBAwru7wVbtHVQAI4Bt6V7W
x0TrIW4SKuO7D3bzm444kEmAMMAZ5II54zr+p2zf31KQUHO8U/xgshSmdQzcJ5G4
jztPBbihXqRClL98BRVfCIcRKGQbhrVlRXoj9rDtQaPpQioYOlwJ40Yhk22n8UCy
fNQVAWmP3lRl8M0kyChOGTchqQEFROO3Ur4OP0tRTKkO53mg/TDFSuZKQBKErryM
ICeHIeWoZ1wNyiTTgXZn3Lcwdb5HT8jW8ySJL68bkQ7tBzJEjrWG2PkL5/CBLrRm
xNTNmZ4U8KiHKKtPCFbhARJRM1iVXZIKc3/zONlaSycikb7cew+zFMP3WwBmyEoT
bmfIbkhJ94D45hwAzxw7iXAlzwG1ZHLDrSdWQe5IEaAD+QyZC13NPO/LIg5G8s5t
TdyDdyKieE/BIFx67mx8sf3v6JhLyzL1O+iMBB/wrEUG6AorRUYIqGcZ1maoTqoK
/p0lOxqm+V3TnDHbGkK+l/IRkM1rUPSnkVbTmNm/zf+OvyHYPtcCA+bmdSJtOcsd
fEWkkMXGy53K7/1lar/Vj9UwzTND+QnV5mWJ5MmOQ3t95hx7IcesXRWUQAHubPki
j8Rvpleu+ObxrAsXejhqG1DlDffrkZE/v3cHqWVsjnJcXsPpDScmR+fyXdXlyMEj
GBlPP4W0ker9z9GUN3d7B2A6GYzWGhHT6MnRAcohYzq4uee82lcc06dy3FNDLNZE
d/QfQEfdEKIw1IDD+u/oHliUPLjQCEIlQU651OW52XhkdhJj9ya8Al54t6qv8m9K
GLFVQlbS941A/Sr9tS82kYamaf9yjcq0s6ScRVH2KFYxCZhZBZ/UcWqeqRWYtjeK
miz3tr9pK4pbyXa7qpekgmybw8R18+cqfr1y6AMmdJpqDEzkDK6n/4HiKN40/3se
ReM=
-----END ENCRYPTED PRIVATE KEY-----
This CSR + Key can be verified that they match here:
https://www.sslshopper.com/certificate-key-matcher.html
How is this possible, How can I make CSR like this from this Private Key?
{n,e}
; while you private key has either three parameters{n,e,d}
(short form from PKCS #1) or eight parameters{n,e,d,q,p,dp,dq,qinv}
(long form with CRT parameters from PKCS #1).e
is small, butd
is as large asn
so{n,e,d}
makes the raw "byte size" appear to be double that of a public key.