Hello, here's the story started at [EMAIL PROTECTED] list several
weeks ago. To summarize, the following certificate was generated
by Microsoft software and, when dumped by OpenSSL 0.9.5a, its
modulus seems to be completely broken.
Also take a look at the length of
the modulus in bits. Nominally it should be 512 bits, while OpenSSL
shows only 510 bits. The problem seems to be that the high bit is
set
First I include the original certificate, its dump by `openssl x509',
and then forwarded message from Matt Thomlinson (Microsoft) explaining
the problem.
My question is if this is a bug in MS software (it shouldn't be
generating such certs), or OpenSSL is getting this wrong as a signed
number?
-----BEGIN CERTIFICATE-----
MIIBSzCB/AIEN5gYKTAHBgUrDgMCAzAeMQswCQYDVQQGEwJQTDEPMA0GA1UEChMG
b2ktd2JkMCYXETAwMDYxMzA5NTQwMy0wMTAwFxEwMTEyMTQwOTU0MDMtMDEwMDBI
MQ8wDQYDVQQDEwZrdXJzMTAxEzARBgNVBAMTCnJlY2lwaWVudHMxDzANBgNVBAsT
Bm9pLXdiZDEPMA0GA1UEChMGb2ktd2JkMFkwCwYJKoZIhvcNAQEBA0oAMEcCQN+q
oPQMo4U+aULJjaw/EldK21DLJj+Z4KkiEWbNHpWcNO+8ZoTf4/c8YvawfSD+iTtS
hG/dIeCZwYeh4/4bFMMCAwEAATAHBgUrDgMCAwNBAIUwzaEwGZVC98cd+Bu/DsYv
9YAF7QQHPDSWyARgOqMzkGXJUCfBT3MWY8ir5pFxSnoJiOCtOiqE+UMPv+8tRhw=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 932714537 (0x37981829)
Signature Algorithm: md5WithRSA
Issuer: C=PL, O=oi-wbd
Validity
Not Before: Jun 13 09:54:03 2000
Not After : Dec 14 09:54:03 2001
Subject: CN=kurs10, CN=recipients, OU=oi-wbd, O=oi-wbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (510 bit)
Modulus (510 bit):
20:55:5f:0b:f3:5c:7a:c1:96:bd:36:72:53:c0:ed:
a8:b5:24:af:34:d9:c0:66:1f:56:dd:ee:99:32:e1:
6a:63:cb:10:43:99:7b:20:1c:08:c3:9d:09:4f:82:
df:01:76:c4:ad:7b:90:22:de:1f:66:3e:78:5e:1c:
01:e4:eb:3d
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSA
85:30:cd:a1:30:19:95:42:f7:c7:1d:f8:1b:bf:0e:c6:2f:f5:
80:05:ed:04:07:3c:34:96:c8:04:60:3a:a3:33:90:65:c9:50:
27:c1:4f:73:16:63:c8:ab:e6:91:71:4a:7a:09:88:e0:ad:3a:
2a:84:f9:43:0f:bf:ef:2d:46:1c
----- Forwarded message from Matt Thomlinson <[EMAIL PROTECTED]> -----
Subject: RE: outlook certs - solved
From: "Matt Thomlinson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,
"Pawel Krawczyk" <[EMAIL PROTECTED]>,
"Markku-Juhani Saarinen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
I now believe you've decoded the below incorrectly because the leading
bit is set, making this a signed number which may have made some of your
tools croak. Decoding by hand, I get the following mod/exp:
3047 0240 (asn, len, int tag, length of 40)
modulus:
DFAA A0F4 0CA3 853E 6942 C98D AC3F 1257 4ADB 50CB 263F 99E0 A922 1166
CD1E 959C 34EF BC66 84DF E3F7 3C62 F6B0 7D20 FE89 3B52 846F DD21 E099
C187 A1E3 FE1B 14C3
0203 (int tag, length of 3)
exponent:
0100 01
note that the complement of DF = 20, AA = 55, which begins to look a lot
like the number you 'decoded' below.
BTW, I've had our research team check the above modulus (DFAA...) for
trivial factors. We found no prime divisors below 10 million.
--
Paweł Krawczyk <http://ceti.pl/~kravietz/>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
