Thanks for the quick reply, and don't worry about the "bothering" part, 
it's good for us to be kept on our toes (IN MODERATION, for the rest of 
you who just started clickety-clicking :-)).

I'm killing this ticket now.

[EMAIL PROTECTED] - Tue May 18 20:23:03 2004]:

> Yup, you're right. I thought the modulus had to be a power of 2 but I just
> realized the error of my ways. Sorry for bothering you. Thanks. /Luis
> 
> -----Original Message-----
> From: Richard Levitte - VMS Whacker via RT [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 18, 2004 12:25 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [openssl.org #886] bug in EVP_PKEY_bits(pubKey)
> 
> 
> 
> In message <[EMAIL PROTECTED]> on Tue, 18 May 2004
> 09:13:30 +0200 (METDST), "Valente, Luis via RT" <[EMAIL PROTECTED]> said:
> 
> rt> The EVP_PKEY_bits() function doesn't always return the correct
> rt> size for an RSA public key. Consider the following CA certificate
> rt> (Verisign's RSA Secure Server CA certificate):
> [...]
> rt>             RSA Public Key: (1000 bit)
> rt>                 Modulus (1000 bit):
> rt>                     00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
> rt>                     01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
> rt>                     e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
> rt>                     37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
> rt>                     4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
> rt>                     65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
> rt>                     b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
> rt>                     54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
> rt>                     dd:2d:d6:c8:1e:7b
> rt>                 Exponent: 65537 (0x10001)
> [...]
> rt> Notice how, in the public key info section, the modulus is
> rt> reported as being 1000 bits long when it most certainly should
> rt> have been 1024 bits. 
> 
> Hmm, if you count the amount of bytes in the modulus output above, you
> will find them to be 126.  Remove the first 00, since it's there to
> make sure the modulus isn't interpreted as a negative number (since
> the high bit is set in the following byte, 92).  That gives you 125
> bytes, which is 1000 bits.
> 
> I don't see a bug in the output, all things considered, and it's
> perfectly ok to have a key of 1000 bits (even if most don't recommend
> sizes other than 2^n with a large enough n).
> 
> Unless you can find some more compelling evidence, I think I'll
> kill this ticket tomorrow...
> 
> -----
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.


-- 
Richard Levitte
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
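
The byte counting in the quoted reply, written out as an added example (not part of the thread and not OpenSSL's own code). The names der_uint_bits and sample_bits are hypothetical, and the buffers are constructed: only the 00 sign octet, the top octet 92 and the 125-octet magnitude length follow the dump above, the rest is filler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bit length of a non-negative integer given the content octets of its
 * DER INTEGER encoding (big-endian, two's complement). A leading 00 is
 * only a sign octet and carries no magnitude, so it is skipped. */
static int der_uint_bits(const unsigned char *p, size_t len)
{
    while (len > 0 && *p == 0x00) {   /* drop sign/padding octets */
        p++;
        len--;
    }
    if (len == 0)
        return 0;
    int bits = (int)(len - 1) * 8;    /* every octet below the top one is full */
    for (unsigned char top = *p; top != 0; top >>= 1)
        bits++;                       /* count significant bits of the top octet */
    return bits;
}

/* Constructed sample: optional 00 sign octet, the given top octet, then
 * 0xAB filler up to magnitude_len octets. Returns the computed bit length. */
static int sample_bits(int sign_octet, unsigned char top, size_t magnitude_len)
{
    unsigned char buf[260];
    size_t n = 0;
    if (magnitude_len == 0 || magnitude_len > 256)
        return -1;
    if (sign_octet)
        buf[n++] = 0x00;
    buf[n++] = top;
    memset(buf + n, 0xAB, magnitude_len - 1);
    n += magnitude_len - 1;
    return der_uint_bits(buf, n);
}

int main(void)
{
    /* Same shape as the dump in the ticket: 126 octets, 00 then 92 ... */
    printf("00 92 + 124 octets : %d bits\n", sample_bits(1, 0x92, 125));
    /* A modulus with 128 magnitude octets and the high bit set */
    printf("00 80 + 127 octets : %d bits\n", sample_bits(1, 0x80, 128));
    /* 128 octets but a clear high bit: one bit short, no sign octet needed */
    printf("7f + 127 octets    : %d bits\n", sample_bits(0, 0x7f, 128));
    return 0;
}
```

A key-size policy check should compare this bit length, not the octet count of the encoded field, against its minimum.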
