> From: owner-openssl-us...@openssl.org On Behalf Of Martin Kaiser
> Sent: Tuesday, 03 May, 2011 07:04

> Thus wrote vichy (vichy....@gmail.com):
>
> > Dear all:
> > I try to use "openssl genrsa -out 1024.private.key 1024" to generate
> > rsa key pairs.
> > if I remember correctly, 1024 is the size of n, the unit in bits and
> > it will be one of public key pairs.
>
That 1024 is the size of the modulus n, which is a component of
both the public key and the private key. With overwhelming
probability it is also the size of the private exponent d,
in the private key only. For OpenSSL the public exponent e
is always small and here 3 bytes. (Most other RSA implementations
also, although large e is *permitted*.)

> > But when I generate the public key by the command, openssl rsa -in
> > 1024.private.key -pubout.
> > I cannot tell what the key value is.
> > "MIGfMA.....FsvJULwIDAQAB" is 216 characters and if 8 bits for one
> > character, it will be 1728 bits.
>
The default format for most OpenSSL files (all but PKCS12 IIRC)
is PEM, which is base64-encoded plus header and trailer, which
makes the stored file larger than the data contained in it.
You can instead generate pubkey in DER format with
  openssl rsa -in priv -out pub.der -pubout -outform der
or convert with
  openssl rsa -in pub.pem -pubin -out pub.der -outform der
Note that DER is binary and cannot be handled normally with
cat, vi, more, etc. You need either a program that does the
specific binary format (here openssl rsa) or a program that
does arbitrary binary data (like od). That's one of the
reasons PEM is usually preferred.

pub.der contains 'n' in binary (1024 bits = 128 bytes)
PLUS some additional data ('e' plus ASN.1 prefixes and
an algorithm-identifier value). For a 1024-bit modulus
and this e, it is 3+15+4+3+4+2+3=34 bytes additional.
To see exactly what is in there and where you can do
  openssl asn1parse -in pub.der -inform der
  # X= offset (first number before colon) of last line =BITSTRING
  openssl asn1parse -in pub.der -inform der -strparse $X
  # increase each offset by $X + 4 (=hl+bitpad for BITSTRING)

> > it is far beyond the 1024 bits limitation.
> > so I guess I interpret the value of n in the wrong way.
> > How could I tell the exact key value from the output of
> > "openssl rsa -pubout"?
>
> kaiser@host:~ > openssl rsa -in myKey.pem -noout -text

Or from the pubkey
  openssl rsa -in pub.pem -pubin -noout -text
  openssl rsa -in pub.der -inform der -pubin -noout -text
Both give the same n and e, but the latter directly answers
OP's question "from the output of ... -pubout".
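
Added example, not part of the original message or of OpenSSL: a small Python walk over the DER SubjectPublicKeyInfo layout described above, tying the 216 base64 characters to 162 DER bytes (128 bytes of n plus 34 of overhead) and locating the BIT STRING offset used with -strparse. The function names are hypothetical, and SAMPLE_N is a constructed 1024-bit value, not a real RSA modulus.

```python
import base64

def tlv(tag, body):
    """Encode one DER TLV with a definite length (short or long form)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_uint(value):  # DER INTEGER; yields a leading 0x00 when the top bit is set
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_tlv(buf, off):
    """Return (tag, header_len, body_len) for the TLV starting at buf[off]."""
    k = buf[off + 1] & 0x7F if buf[off + 1] & 0x80 else 0
    ln = int.from_bytes(buf[off + 2:off + 2 + k], "big") if k else buf[off + 1]
    return buf[off], 2 + k, ln

RSA_ALGID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def build_spki(n, e):
    rsa_pub = tlv(0x30, der_uint(n) + der_uint(e))          # RSAPublicKey
    return tlv(0x30, RSA_ALGID + tlv(0x03, b"\x00" + rsa_pub))

def parse_spki(der):
    """Return (n, e, offset of the BIT STRING) from a SubjectPublicKeyInfo."""
    off = read_tlv(der, 0)[1]                   # enter outer SEQUENCE
    _, hl, ln = read_tlv(der, off)              # AlgorithmIdentifier
    bit_off = off = off + hl + ln
    tag, hl, _ = read_tlv(der, off)             # BIT STRING
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    off += hl + 1                               # header + unused-bits byte
    off += read_tlv(der, off)[1]                # enter RSAPublicKey SEQUENCE
    ints = []
    for _ in range(2):                          # INTEGER n, then INTEGER e
        _, hl, ln = read_tlv(der, off)
        ints.append(int.from_bytes(der[off + hl:off + hl + ln], "big"))
        off += hl + ln
    return ints[0], ints[1], bit_off

# Constructed 1024-bit value with the top bit set; NOT a real RSA modulus.
SAMPLE_N = int.from_bytes(b"\xc5" + bytes(range(1, 128)), "big")
DER = build_spki(SAMPLE_N, 65537)
PEM_BODY = base64.b64encode(DER).decode()

if __name__ == "__main__":
    n, e, bit_off = parse_spki(DER)
    print(len(PEM_BODY), "base64 chars,", len(DER), "DER bytes, e =", e, ", BIT STRING at", bit_off)
```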