When OpenSSL generates a public/private key pair, does it first generate the private key and then compute the public key from the private key? Or should the public key be calculated at the same time as the private key?
Is it possible to have multiple public keys which match the same private key?
Thanks
Not in RSA at least; in fact, you can have one public key with several "different" private keys. In RSA the step is to generate the public key first, then generate the private key afterward. This is because several values are randomly chosen at the start, before the final private key generation, but they're all discarded after generating the private key. Had they been kept, it would be possible to redo the step with different values and still use the same public key, but while the resulting private key will look different at first glance, it is mathematically equal. Even if you use algorithms that might create multiple keys, for all intents and purposes they're the same key, since it will be impossible to infer whether a certain key of a set of private keys was used to sign, only that the key is a valid pair for the public key you have.
Also, this seems to be an X-Y question. Even if you find an algorithm that creates multiple public keys for a single private key, since the public key is meant to be, well, public, there's nothing stopping the public from encrypting the same message and observing the identical encrypted result. So you can't have two secretive actors who don't want to be associated use those keys. As you mention OpenSSL specifically, on SSL you might give different public keys (assuming such an algorithm exists, since as I point out it's the reverse in RSA) to different CAs or maybe embed them in different apps/devices, but since CAs support a single cert serving multiple domains/servers, and multiple CAs serving a single domain, there doesn't seem to be any benefit from the current practice.
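
The point in the answer above about one RSA public key having several "different" private keys, worked through as an added example (not part of the original post, and not OpenSSL's code). It uses textbook RSA without padding; the primes, exponent and message are constructed toy values, and the function names are hypothetical.

```python
# Added example: textbook RSA with tiny constructed primes (illustration only,
# not secure sizes and not OpenSSL's implementation).
from math import gcd


def private_exponents(p, q, e, count=4):
    """Return distinct private exponents that all match the public key (p*q, e)."""
    # Carmichael's lambda(n) = lcm(p-1, q-1). Any d with e*d = 1 (mod lambda(n))
    # inverts the public operation, so d, d+lambda, d+2*lambda, ... all work.
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    d0 = pow(e, -1, lam)  # smallest valid exponent (Python 3.8+)
    return [d0 + k * lam for k in range(count)]


def sign(m, d, n):
    """Textbook (unpadded) RSA signature: m^d mod n."""
    return pow(m, d, n)


def verify(m, s, e, n):
    """Check a textbook RSA signature against the public key (n, e)."""
    return pow(s, e, n) == m % n


def demo():
    p, q, e = 61, 53, 17   # constructed toy parameters
    n = p * q              # public modulus
    m = 65                 # constructed message representative
    ds = private_exponents(p, q, e)
    # Every exponent yields the same signature, so a verifier cannot tell
    # which of the numerically different private exponents was used.
    sigs = {sign(m, d, n) for d in ds}
    return ds, sigs, all(verify(m, s, e, n) for s in sigs)


if __name__ == "__main__":
    ds, sigs, ok = demo()
    print("private exponents:", ds)
    print("distinct signatures:", sigs, "all verify:", ok)
```

The last exponent in the list is the inverse of e modulo (p-1)(q-1), the value many textbook descriptions compute, while the first is the inverse modulo lcm(p-1, q-1).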