Richard Levitte via RT schrieb: > [EMAIL PROTECTED] - Thu Jul 1 12:52:19 2004]: > > >>I'd suggest to clarify the man page of 'BN_num_bits': >>People (such as me) are tempted to use 'BN_num_bits' to get the key > > size > >>(class) of a private or public key, and expect that its size matches > > the > >>size (class) of its counterpart (public or private key). With "size >>class" I mean 512, 1024, 2048 bit etc. >>Now what I experience is that the size of the public key that was >>generated from a given private key (e.g. with 'DH_generate_key') does >>not always match the size of the private key, which is confusing... > > > I just committed the following change, is that satisfactory? > > Index: doc/crypto/BN_num_bytes.pod > =================================================================== > RCS file: /e/openssl/cvs/openssl/doc/crypto/BN_num_bytes.pod,v > retrieving revision 1.3 > retrieving revision 1.3.8.1 > diff -u -r1.3 -r1.3.8.1 > --- doc/crypto/BN_num_bytes.pod 24 Feb 2000 11:55:05 -0000 1.3 > +++ doc/crypto/BN_num_bytes.pod 1 Jul 2004 12:33:44 -0000 1.3.8.1 > @@ -16,8 +16,14 @@ > > =head1 DESCRIPTION > > -These functions return the size of a B<BIGNUM> in bytes or bits, > -and the size of an unsigned integer in bits. > +BN_num_bytes() returns the size of a B<BIGNUM> in bytes. > + > +BN_num_bits_word() returns the number of significant bits in a word. > +If we take 0x00000432 as an example, it returns 11, not 16, not 32. > +Basically, except for a zero, it returns I<floor(log2(w))+1>. > + > +BN_num_bits() returns the number of significant bits in a B<BIGNUM>, > +following the same principle as BN_num_bits_word(). > > BN_num_bytes() is a macro. > > @@ -25,9 +31,23 @@ > > The size. > > +=head1 NOTES > + > +Some have tried using BN_num_bits() on individual numbers in RSA keys, > +DH keys and DSA keys, and found that they don't always come up with > +the number of bits they expected (something like 512, 1024, 2048, > +...). This is because generating a number with some specific number > +of bits doesn't always set the highest bits, thereby making the number > +of I<significant> bits a little lower. If you want to know the "key > +size" of such a key, either use functions like RSA_size(), DH_size() > +and DSA_size(), or use BN_num_bytes() and multiply with 8 (although > +there's no real guarantee that will match the "key size", just a lot > +more probability). > + > =head1 SEE ALSO > > -L<bn(3)|bn(3)> > +L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>, > +L<RSA_size(3)|RSA_size(3)> > > =head1 HISTORY > >
Perfect! Thanks a lot. Michael -- ================================================= Michael Schmidt ------------------------------------------------- Institute for Data Communications Systems University of Siegen, Germany ------------------------------------------------- http: www.nue.et-inf.uni-siegen.de e-mail: [EMAIL PROTECTED] mobile: +49 179 7810214 ================================================= ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]