Hello,

Let's generate a certificate with an ECDSA key over a 256-bit field:

openssl ecparam -out key.pem -name prime256v1 -genkey
openssl req -newkey ec:key.pem -x509 -nodes -days 365 -keyout pkey.pem -out cert.pem

Then part of the output of
openssl x509 -text -in cert.pem
will be:

        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:89:9e:f7:b0:fa:69:b7:e3:1b:62:e8:a5:97:56:
                    68:4b:36:74:fe:df:e7:f8:fe:a8:a2:0b:a8:2b:a3:
                    2c:80:d1:6f:4e:00:b8:70:92:b1:2b:20:e9:ff:c4:
                    f2:10:76:72:4c:34:80:30:a3:37:b5:60:e1:a4:a7:
                    07:e0:f8:2a:9e
                ASN1 OID: prime256v1


Why does it state that the pub. key is only 256 bits long?
By definition, the public key consists of two coordinates on the EC curve, each
256 bits long (for the selected curve), i.e. 512 bits in total.
Moreover, the pub. key dump contains 512 bits too... (04 in the first byte
indicates that the uncompressed point representation is used)


The code in ec_ameth.c::do_EC_KEY_print() calculates the public key size as the
order of the curve used, which gives us half of the real ECDSA pub. key size.

Is this behavior a bug, or a convention documented somewhere?
I've studied FIPS 180-3, SP 800-57 and SEC 1: "Elliptic Curve Cryptography"
but didn't find any indication of such a convention.

Maybe I overlooked something?


P.S. Interestingly, Windows also displays the size of the pub. key in this
certificate as 256 bits.

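As an added example (not part of the original post), the following Python parses the pub: dump above as an SEC1 uncompressed point, validates a point against the P-256 curve equation, and shows both ways of counting the key size (bit length of the group order, as do_EC_KEY_print() does, versus the encoded coordinates). The P-256 constants are the standard prime256v1 domain parameters; the function names are my own.

```python
# Added example, not code from the original post or from OpenSSL.
# P-256 / prime256v1 domain parameters (SEC 2 / FIPS 186).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
# Generator point, used as a point known to lie on the curve.
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

# The "pub:" hex lines exactly as printed by `openssl x509 -text` in the post.
PUB_HEX_FROM_POST = """
04:89:9e:f7:b0:fa:69:b7:e3:1b:62:e8:a5:97:56:
68:4b:36:74:fe:df:e7:f8:fe:a8:a2:0b:a8:2b:a3:
2c:80:d1:6f:4e:00:b8:70:92:b1:2b:20:e9:ff:c4:
f2:10:76:72:4c:34:80:30:a3:37:b5:60:e1:a4:a7:
07:e0:f8:2a:9e
"""

def parse_openssl_pub_hex(text):
    """Turn OpenSSL's colon-separated hex dump into raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("\n", "").strip())

def decode_uncompressed_point(octets, field_bytes=32):
    """Split an SEC1 uncompressed point 04 || X || Y into integer coordinates.
    Rejects any other encoding, including compressed (02/03) points."""
    if len(octets) != 1 + 2 * field_bytes or octets[0] != 0x04:
        raise ValueError("not an uncompressed SEC1 point of the expected size")
    x = int.from_bytes(octets[1:1 + field_bytes], "big")
    y = int.from_bytes(octets[1 + field_bytes:], "big")
    return x, y

def on_curve_p256(x, y):
    """Public-key validation step: check y^2 == x^3 + a*x + b (mod p)."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x + P256_A * x + P256_B)) % P256_P == 0

def size_report(octets):
    """OpenSSL reports the bit length of the group order; the post counts the
    bits of the two encoded coordinates (everything after the 04 prefix)."""
    return {
        "encoded_bytes": len(octets),
        "openssl_reported_bits": P256_N.bit_length(),
        "coordinate_bits_total": (len(octets) - 1) * 8,
    }
```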