On Sun, Aug 08, 2010 at 02:46:33AM +0200, Mounir IDRASSI wrote: > Hi, >
hi, 10x for your reply. i have no complaints about the openssl key generation process for rsa keys of this size. and don't expect vanilla openssl to do correct math with this key. > I checked the parameters of your 4008 bits key and it is indeed > invalid (q is not prime). agreed. (though the *public* key seems fine, even with the weak factor) > How did you generate it? It would be surprising if it was done > through OpenSSL. pen and paper ;-) first trial factoring, then (optionally) a few elliptic curves, then fermat's little theorem. i know a deterministic primality test would be more scientific, but it is a bit slower on paper ;-) > Anyway, you must generate a new RSA key. > yeah, i am generating a new key. sorry for the composite miztake. > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 8/7/2010 1:21 PM, Georgi Guninski wrote: > >openssl-1.0.0a on ubuntu, debian and arch. > >attached a private key and a cert. > > > >~/local/bin/openssl s_server -www -accept 8888 -cert /tmp/CA.cert -key > >/tmp/CA.key > > > >~/local/bin/openssl s_client -connect localhost:8888 > > > >depth=0 CN = CA > >verify return:1 > >*** glibc detected *** /home/build/local/bin/openssl: double free or > >corruption (fasttop): 0x0000000000979300 *** > > > > ~/local/bin/openssl rsa -check -in /tmp/CA.key |more > >writing RSA key > >RSA key error: q not prime # definitely > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org