In message <[EMAIL PROTECTED]> on Tue, 18 May 2004 09:13:30 +0200 (METDST), "Valente, 
Luis via RT" <[EMAIL PROTECTED]> said:

rt> The EVP_PKEY_bits() function doesn't always return the correct
rt> size for an RSA public key. Consider the following CA certificate
rt> (Verisign's RSA Secure Server CA certificate):
[...]
rt>             RSA Public Key: (1000 bit)
rt>                 Modulus (1000 bit):
rt>                     00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
rt>                     01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
rt>                     e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
rt>                     37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
rt>                     4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
rt>                     65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
rt>                     b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
rt>                     54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
rt>                     dd:2d:d6:c8:1e:7b
rt>                 Exponent: 65537 (0x10001)
[...]
rt> Notice how, in the public key info section, the modulus is
rt> reported as being 1000 bits long when it most certainly should
rt> have been 1024 bits. 

Hmm, if you count the number of bytes in the modulus output above, you
will find them to be 126.  Remove the first 00, since it's there to
make sure the modulus isn't interpreted as a negative number (since
the high bit is set in the following byte, 92).  That gives you 125
bytes, which is 1000 bits.

I don't see a bug in the output, all things considered, and it's
perfectly ok to have a key of 1000 bits (even if most don't recommend
sizes other than 2^n with a large enough n).

Unless you can find some more compelling evidence, I think I'll
kill this ticket tomorrow...

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
                    \      SWEDEN       \
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
