> From: owner-openssl-us...@openssl.org On Behalf Of Jerry OELoo
> Sent: Tuesday, October 28, 2014 04:20
<snip>
> Now I use i2d_RSAPublicKey() to encode on RSA* from EVP_PKEY which
> will show same as [Chrome]
>
> One more thing, I find use i2d_RSAPublicKey() will be get same public
> between openssl API and browser for some sites (twitter.com,
> developer.apple.com), but for www.google.com, I find that is not
> exactly same (just has same begin 30 82 01 0a 02 82 01 01 and others
> are not same).
> so why google is not same?
>

RSA public key is a (default-tagged) SEQUENCE of two INTEGERs.
Some of the len bytes in DER depend on the key size and pubexpt.
At the moment most servers including the three sites you name
are using 2048-bit keys, although that was different in the past
and may change again in the future, and the conventional pubexpt
65537 aka F4. For those parameters the encoding is

    30 82 01 0a                           # SEQUENCE
      02 82 01 01 00 (256 bytes modulus)  # INTEGER modulus varies
      02 03 01 00 01                      # INTEGER pubexpt = 65537

Big websites like google, yahoo, twitter are not one machine.
They are maybe hundreds of machines to share the load, often spread
in locations around the world to reduce latency. Usually they try
to use the same cert&key for all of them or at least big chunks,
but depending on who is managing what from where and when
there is sometimes variation.

As of Tue from my network location, over about 15 minutes,
www.google.com resolves to 16 different IP addresses.
Of these 11 are using a cert with
- serial 04:29:2e:de:7a:09:f6:10
- validity starting 2014 oct 15 10:57:04 Z
- modulus beginning bb:cb:8a:0e
and 5 are using a cert with
- serial 1b:a9:d1:40:05:83:5c:00
- validity starting 2014 oct 22 12:57:51 Z
- modulus beginning c1:52:36:91

For twitter.com I get 11 IPs, all using the same cert.
It may be different at your location or different times.
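
The fixed-prefix behaviour described in the reply above, as an added example that is not part of the original message or of OpenSSL: a standard-library DER encoder and parser for RSAPublicKey showing that two different 2048-bit keys share only the nine header bytes. All function names are hypothetical, and the two moduli are constructed from the prefixes quoted in the message padded with zeros, not real keys.

```python
E_F4 = 65537  # conventional public exponent (F4)

def der_len(n):
    """DER length octets: short form below 0x80, else 0x80|count + big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    """DER INTEGER for v >= 0; a leading 00 is emitted when the top bit would be set."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_rsa_public_key(n, e=E_F4):
    """SEQUENCE { INTEGER modulus, INTEGER publicExponent }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the TLV at pos; reject a wrong tag or truncation."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    first, pos = buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        k = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    seq, end = read_tlv(der, 0, 0x30)
    n_raw, p = read_tlv(seq, 0, 0x02)
    e_raw, p = read_tlv(seq, p, 0x02)
    if end != len(der) or p != len(seq):
        raise ValueError("trailing bytes")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def common_prefix_len(a, b):
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return i

def constructed_modulus(prefix_hex, bits=2048):
    """NOT a real key: the given leading bytes, zero padding, low bit set."""
    prefix = bytes.fromhex(prefix_hex)
    return int.from_bytes(prefix + bytes(bits // 8 - len(prefix)), "big") | 1

DER_A = encode_rsa_public_key(constructed_modulus("bbcb8a0e"))
DER_B = encode_rsa_public_key(constructed_modulus("c1523691"))
```

A 1024-bit modulus passed to the same encoder yields the shorter header 30 81 89 02 81 81 00, which is why the leading bytes identify the key size and exponent rather than the key.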