On Sun, Aug 08, 2010 at 02:46:33AM +0200, Mounir IDRASSI wrote:
>  Hi,
> 

hi,

10x for your reply.

i have no complaints about the openssl key generation process for rsa
keys of this size. and don't expect vanilla openssl to do correct math
with this key.


> I checked the parameters of your 4008 bits key and it is indeed
> invalid (q is not prime).

agreed. (though the *public* key seems fine, even with the weak factor)

> How did you generate it? It would be surprising if it was done
> through OpenSSL.

pen and paper ;-) first trial factoring, then (optionally) a few
elliptic curves, then fermat's little theorem. i know a deterministic
primality test would be more scientific, but it is a bit slower on paper
;-)


> Anyway, you must generate a new RSA key.
> 

yeah, i am generating a new key. sorry for the composite miztake.

> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
> 
> On 8/7/2010 1:21 PM, Georgi Guninski wrote:
> >openssl-1.0.0a on ubuntu, debian and arch.
> >attached a private key and a cert.
> >
> >~/local/bin/openssl s_server -www -accept 8888 -cert /tmp/CA.cert  -key 
> >/tmp/CA.key
> >
> >~/local/bin/openssl s_client -connect localhost:8888
> >
> >depth=0 CN = CA
> >verify return:1
> >*** glibc detected *** /home/build/local/bin/openssl: double free or 
> >corruption (fasttop): 0x0000000000979300 ***
> >
> >  ~/local/bin/openssl rsa -check -in /tmp/CA.key |more
> >writing RSA key
> >RSA key error: q not prime # definitely
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to