stecino_87658
Jan 22, 2016

Private key format changes when migrating from 9.x to 11.x using IControl API

Hello,

I am running into an issue when I migrate a private key from one LTM to another. This doesn't happen with the crt file.

I use obj.Management.KeyCertificate.key_export_to_pem to get the key.

It's something like this:

['-----BEGIN RSA PRIVATE KEY-----\r<-------content-removed--------->\r\n-----END RSA PRIVATE KEY-----']

Then I take this key and import it into the new LTM using:

dest_obj.Management.KeyCertificate.key_import_from_pem_v2

The key is created but it looks like:

-----BEGIN PRIVATE KEY----- <--------removed the content> -----END PRIVATE KEY-----

Not only the header and footer look different with RSA dropped, but also the key content.

What am I doing wrong?

Thanks in advance

2 Replies

  • Key Type in the old LTM is KTYPE_RSA_PRIVATE, and the Key Type in New LTM is RSA. key_import_from_pem_v2 doesn't allow passing of the key_type explicitly, so I am not sure how to do it.
  • Jason_Cohen_417
    Historic F5 Account

    The format that starts with '-----BEGIN RSA PUBLIC KEY-----' is PKCS1. It is simply the key object. It must be an RSA key (as indicated by the block header). The format that starts with '-----BEGIN PUBLIC KEY-----' is PKCS8. The key type and algorithm are encoded within the base64 encoded data.

    Further reading: http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key

    Convert to PKCS8 format:

    $ openssl pkcs8 -topk8 -in keyfrom9x.key -nocrypt -out pkcs8.key
    $ md5sum pkcs8.key
    2771112811d82b6fb29d55656d957b1e pkcs8.key << The key is the same as stored by the BIGIP
    $ md5sum 2771112811d82b6fb29d55656d957b1e keyimportedto11x.key

    $ openssl rsa -in pkcs8.key -out rsa-new.key << This should work, and does on my systems.
    writing RSA key

    $ md5sum rsa-new.key
    efb57dd9a66be6822669a673db007ea7 rsa-new.key << The key converted from PKCS1 to PKCS8 and back to PKCS1
    $ md5sum efb57dd9a66be6822669a673db007ea7 keyfrom9x.key << is the same as the original
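
An added example, not part of the original thread: a standard-library Python check that a PKCS#1 export and a PKCS#8 import carry the same RSA key, by unwrapping the PKCS#8 PrivateKeyInfo and hashing the inner PKCS#1 DER, so the PEM label and line endings do not affect the comparison. All function names and the toy key are constructed for illustration, and the code assumes unencrypted RSA private keys.

```python
import base64, hashlib, re
# DER AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) + NULL
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag, body):
    """Encode one DER element, using long-form length for bodies >= 128 bytes."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Decode the DER element at pos and return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def pem_decode(pem):
    """Return (label, DER); accepts CR, CRLF, spaces or no line breaks in the body."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def to_pkcs1(pem):
    """Return the bare PKCS#1 RSAPrivateKey DER from either PEM form."""
    label, der = pem_decode(pem)
    if label == "RSA PRIVATE KEY":  # PKCS#1: the payload is the key object itself
        return der
    if label != "PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    info = read_tlv(der)[1]                             # PrivateKeyInfo SEQUENCE
    tag, alg, pos = read_tlv(info, read_tlv(info)[2])   # skip version, read algorithm
    if tlv(tag, alg) != RSA_ALG_ID:
        raise ValueError("PKCS#8 block does not hold an RSA key")
    return read_tlv(info, pos)[1]                       # OCTET STRING wrapping PKCS#1

def to_pkcs8(pkcs1_der):  # unencrypted PrivateKeyInfo: version 0, algorithm, key
    return tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG_ID + tlv(0x04, pkcs1_der))

def key_fingerprint(pem):  # SHA-256 of the PKCS#1 DER, independent of PEM wrapping
    return hashlib.sha256(to_pkcs1(pem)).hexdigest()

# Constructed toy RSAPrivateKey (p=61, q=53); shows structure only, not a usable key.
_ints = (0, 3233, 17, 2753, 61, 53, 53, 49, 38)  # version n e d p q dP dQ qInv
TOY_PKCS1 = tlv(0x30, b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in _ints))
_b64 = lambda der: base64.b64encode(der).decode()
PEM_9X = "-----BEGIN RSA PRIVATE KEY-----\r" + _b64(TOY_PKCS1) + "\r\n-----END RSA PRIVATE KEY-----"
PEM_11X = "-----BEGIN PRIVATE KEY----- " + _b64(to_pkcs8(TOY_PKCS1)) + " -----END PRIVATE KEY-----"
```

`key_fingerprint(PEM_9X)` and `key_fingerprint(PEM_11X)` return the same digest even though the two PEM strings differ in label, body and whitespace.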