See https://polarssl.org/kb/cryptography/asn1-key-structures-in-der-and-pem (find the page "BEGIN RSA PRIVATE KEY") ( link to the archive for posterity, just in case).
BEGIN RSA PRIVATE KEY is PKCS # 1 and is simply an RSA key. This, in fact, is only a key object from PKCS # 8, but without a version indicator or algorithm in front. BEGIN PRIVATE KEY is PKCS # 8 and indicates that the key type is included in the key data itself. Link:
Unencrypted PKCS # 8 encoded data begins and ends with tags:
-----BEGIN PRIVATE KEY----- BASE64 ENCODED DATA -----END PRIVATE KEY-----
Inside base64 encoded data, the following DER structure is present:
PrivateKeyInfo ::= SEQUENCE { version Version, algorithm AlgorithmIdentifier, PrivateKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
So, for the RSA private key, the OID is 1.2.840.113549.1.1.1, and there is RSAPrivateKey as the string string of the PrivateKey data key.
Unlike the BEGIN RSA PRIVATE KEY , which always indicates the RSA key and therefore does not include the OID of the key. BEGIN RSA PRIVATE KEY PKCS#1 :
RSA Private Key File (PKCS # 1)
The PEM file for the RSA private key is specific to RSA keys.
It starts and ends with tags:
-----BEGIN RSA PRIVATE KEY----- BASE64 ENCODED DATA -----END RSA PRIVATE KEY-----
Inside base64 encoded data, the following DER structure is present:
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }