2

What is the difference between these openssl commands:

  • "openssl genrsa"
  • "openssl genpkey"
  • "openssl req -newkey rsa:bits [everything else]"

Which one should I be using when preparing a new CSR?

user44700
  • 31
  • 3
  • Possible [duplicate](https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices)? Maybe consider changing question title? – Tom Hale Jan 25 '23 at 14:13

1 Answers1

1

The key generation code is the same in all three cases anyway. This is just a matter of command-line interface.

For most usages, I recommend generating the private key with req because then that's only one command line to generate the key and the certificate request. All other things being equal, less complexity makes for more security.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955