Hi Victor
On Thu, Aug 29, 2019 at 07:25:54PM +0530, Mukund Sivaraman wrote:
> Hi Viktor
>
> On Thu, Aug 29, 2019 at 09:48:31AM -0400, Viktor Dukhovni wrote:
> > On Thu, Aug 29, 2019 at 06:25:02PM +0530, Mukund Sivaraman wrote:
> > > A tool such as BIND's dnssec-keygen generates the following formatted
> > > private keys:
> > >
> > > [muks@naina ~]$ cat Kexample.org.+008+10638.private
> > > Private-key-format: v1.3
> > > Algorithm: 8 (RSASHA256)
> > > Modulus: [...]
> > > PublicExponent: [...]
> > > PrivateExponent: [...]
> > > Prime1: [...]
> > > Prime2: [...]
> > > Exponent1: [...]
> > > Exponent2: [...]
> > > Coefficient: [...]
> >
> > Compare the above with:
> >
> > $ openssl genrsa 512 2>/dev/null | openssl rsa -text -noout | egrep -v
> > ':..:'
> > RSA Private-Key: (512 bit, 2 primes)
> > modulus:
> > publicExponent: 65537 (0x10001)
> > privateExponent:
> > prime1:
> > prime2:
> > exponent1:
> > exponent2:
> > coefficient:
> >
> > And it becomes clear that what you're seeing is a sequence of tagged
> > base64 encodings of the BIGNUM elements of the CRT form of an RSA
> > private key.
>
> I am initimately familiar with what these fields mean and the code that
> generates it. The question is not about what the meaning of these fields
> are.
>
> I am asking about where this key format is specified - I want to extend
> it.
I apologize for the way I replied to your email. My response was
arrogantly written. You only tried to help me.
(I realized it soon after sending the email and it has bugged me since.)
Mukund
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
