The default key size for an RSA key generated with genpkey is 1024 bits:
» openssl genpkey -algorithm RSA 2>/dev/null | openssl rsa -noout -text | grep RSA
RSA Private-Key: (1024 bit, 2 primes)
The older (deprecated?) genrsa has a different default, of 2048 bits:
» openssl genrsa 2>/dev/null | openssl rsa -noout -text | grep RSA
RSA Private-Key: (2048 bit, 2 primes)
My understanding is that 1024-bit long keys are not considered secure these days. (And that CAs have required at least 2048 bits keys for RSA keys since 2014.) The difference between genrsa and genpkey makes me think this is a mistake. (I suspect genrsa, despite being superseded, is much more commonly used due to the number of examples on the Internet that use it.)
I am using OpenSSL v1.1.1b on Arch Linux:
» openssl version
OpenSSL 1.1.1b 26 Feb 2019
The default key size for an RSA key generated with
genpkeyis 1024 bits:The older (deprecated?)
genrsahas a different default, of 2048 bits:My understanding is that 1024-bit long keys are not considered secure these days. (And that CAs have required at least 2048 bits keys for RSA keys since 2014.) The difference between
genrsaandgenpkeymakes me think this is a mistake. (I suspectgenrsa, despite being superseded, is much more commonly used due to the number of examples on the Internet that use it.)I am using OpenSSL v1.1.1b on Arch Linux: