Thanks Wim, for your kind & informative answer.



Wim Lewis-3 wrote:
> 
> 
> On 26 Jul 2011, at 10:16 PM, Katif wrote:
>> Can you tell me what the application dependency factors are here so we'll be
>> able to chase a limit?
>> 
>> It is used as an RSA key exchange certification/private key pairing.
>> 
>> Thanks...
> 
> 
> The two things that are variable size are the key material itself, and the
> many fields that can occur in a certificate. A private key file just has
> key material, so its size should be proportional to the key size in bits
> (plus constant overhead); a certificate has key material for the key it
> represents, a signature from the issuer's key (which may have a size
> dependent on that key's size), and an arbitrary collection of other data
> that can be incorporated into the certificate when it's created (such as
> the name or address of the subject, or a list of permitted/forbidden uses,
> CRL distribution points, legal boilerplate, etc). I don't think there's
> any limit to the amount of extension data that can be included in a
> certificate, though in practice it's rarely more than a few kilobytes.
> 
> I'd suggest parsing a handful of files using "openssl asn1parse" to get an
> idea of what's in there and how large each thing is. The sizes and offsets
> that asn1parse gives you refer to the DER-encoded file; a PEM-encoded file
> has four bytes for every three of DER, plus another few percent overhead
> for line endings.
> 
> As Kenneth Goldman says, though, you need to consider what will happen
> when you encounter a certificate larger than you expect, because it *will*
> happen.
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Simple-question%3A-Maximum-length-of-PEM-file--tp32139325p32155520.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
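
Added example (not part of the original messages, and not OpenSSL code): a Python sketch of the size arithmetic described in the quoted reply, plus a reader that rejects oversize input instead of truncating it. The function names, the 64-character line width and the zero-filled sample buffer are assumptions made for the illustration.

```python
import base64
import io

LINE = 64  # base64 characters per PEM line, as OpenSSL writes them


def pem_size(der_len, label="CERTIFICATE", eol=1):
    """Exact byte size of the PEM form of der_len bytes of DER."""
    b64 = 4 * ((der_len + 2) // 3)      # four characters per three bytes
    lines = (b64 + LINE - 1) // LINE    # one line ending per base64 line
    begin = len("-----BEGIN %s-----" % label) + eol
    end = len("-----END %s-----" % label) + eol
    return begin + b64 + lines * eol + end


def der_total_len(der):
    """Header plus content length declared by the outermost DER element."""
    if len(der) < 2:
        raise ValueError("truncated DER header")
    first = der[1]
    if first < 0x80:                    # short form: length in one byte
        return 2 + first
    n = first & 0x7F                    # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def to_pem(der, label="CERTIFICATE"):
    """Encode DER as PEM with LF line endings (used to check pem_size)."""
    b64 = base64.b64encode(der)
    body = b"".join(b64[i:i + LINE] + b"\n" for i in range(0, len(b64), LINE))
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (tag, body, tag)


def read_bounded(stream, max_bytes):
    """Return the whole input, or refuse it; never silently truncate."""
    data = stream.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise ValueError("input larger than %d bytes" % max_bytes)
    return data


# Constructed sample: a SEQUENCE header declaring 300 content bytes, zero-filled.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = to_pem(SAMPLE_DER)
```

Passing `eol=2` to `pem_size` gives the size for CRLF line endings, which is where the "few percent" of extra overhead varies between files.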