On 05/27/2012 10:47 AM, Janne Snabb wrote:
> On Sun, 27 May 2012, Phil Pennock wrote:
>
>> When gnutls_dh_params_generate2() is used to generate DH parameters of a
>> particular size, it has a tendency to overshoot.
>>
>> Asking for 2236 bits, a 2237 bit prime seems to be fairly common.
>
> Ouch!
>
>> Could GnuTLS 3 *please* get an API call to find out the size in bits of
>> the DH prime in a gnutls_dh_params_t ? Perhaps even add a query mode to
>> certtool?
>
> New version of certtool prints out the number of bits. Are you looking
> for this:
>
> $ certtool --dh-info --infile=/var/spool/exim4/gnutls-params-2236
> Generator (8 bits): 02
>
> Prime (2240 bits):
> 0f:00:55:99:82:cb:c0:eb:42:eb:ef:33
> [..]

That number is an overestimation. It is the number of bytes in the number
times 8, thus a function that returns a more precise number would
improve this aspect as well.

regards,
Nikos
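
Added example, not part of the thread and not GnuTLS code: the gap between "bytes times 8" and the exact bit length, computed from a certtool-style colon-separated hex dump. The function names are hypothetical, and the sample input is only the first four bytes of the dump quoted above, not a full DH prime.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Parse a certtool-style "aa:bb:cc" hex dump into out[]; returns the
 * byte count, or -1 on malformed input or if out[] is too small. */
static long parse_colon_hex(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    unsigned v = 0;
    int nibbles = 0;
    for (; *s; s++) {
        if (isxdigit((unsigned char)*s)) {
            int c = tolower((unsigned char)*s);
            v = (v << 4) | (unsigned)(c <= '9' ? c - '0' : c - 'a' + 10);
            if (++nibbles == 2) {
                if (n == cap) return -1;
                out[n++] = (unsigned char)v;
                nibbles = 0;
                v = 0;
            }
        } else if (*s == ':' || isspace((unsigned char)*s)) {
            if (nibbles) return -1;      /* separator inside a byte */
        } else {
            return -1;                   /* not hex, ':' or whitespace */
        }
    }
    return nibbles ? -1 : (long)n;
}

/* Exact bit length of a big-endian unsigned integer: skip leading zero
 * bytes, then count the significant bits of the first non-zero byte. */
static unsigned exact_bits(const unsigned char *p, size_t len)
{
    unsigned bits;
    while (len > 0 && *p == 0) { p++; len--; }
    if (len == 0) return 0;
    bits = (unsigned)(len - 1) * 8;
    for (unsigned char b = *p; b; b >>= 1) bits++;
    return bits;
}

int main(void)
{
    const char *dump = "0f:00:55:99";    /* short sample, not a full prime */
    unsigned char buf[512];
    long n = parse_colon_hex(dump, buf, sizeof buf);
    if (n < 0) return 1;
    printf("bytes*8 = %ld, exact = %u\n", n * 8, exact_bits(buf, (size_t)n));
    return 0;
}
```
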
