Hello,

Let's generate a certificate with an ECDSA key over a 256-bit field:

    openssl ecparam -out key.pem -name prime256v1 -genkey
    openssl req -newkey ec:key.pem -x509 -nodes -days 365 -keyout pkey.pem -out cert.pem

Then part of the output of "openssl x509 -text -in cert.pem" will be:

    Subject Public Key Info:
        Public Key Algorithm: id-ecPublicKey
            Public-Key: (256 bit)
            pub:
                04:89:9e:f7:b0:fa:69:b7:e3:1b:62:e8:a5:97:56:
                68:4b:36:74:fe:df:e7:f8:fe:a8:a2:0b:a8:2b:a3:
                2c:80:d1:6f:4e:00:b8:70:92:b1:2b:20:e9:ff:c4:
                f2:10:76:72:4c:34:80:30:a3:37:b5:60:e1:a4:a7:
                07:e0:f8:2a:9e
            ASN1 OID: prime256v1

Why does it state that the pub. key is only 256 bits long? By definition, a public key consists of two coordinates on the EC curve, each 256 bits long (for the selected curve), i.e. 512 bits in total. Moreover, the pub. key dump contains 512 bits too... (04 in the first byte indicates that the uncompressed point representation is used.)

The code in ec_ameth.c::do_EC_KEY_print() calculates the public key size as the order of the curve used, which gives us half of the real ECDSA pub. key size.

Is this behavior a bug, or a convention documented somewhere? I've studied FIPS 180-3, SP 800-57 and SEC 1: "Elliptic Curve Cryptography" but didn't find any indication of such a convention. Maybe I overlooked something?

P.S. Interestingly, Windows also displays the size of the pub. key in this certificate as 256 bits long.
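
The sizes discussed in the message above, computed from the dump itself (an added example, not part of the original message and not OpenSSL's code): it decodes the pub: bytes as a SEC 1 uncompressed point and compares the encoded length with the bit length of the prime256v1 group order. The P-256 constants and all function names are supplied for this example, and the compressed-form calculation goes beyond what the message mentions.

```python
# Added example: decode the "pub:" dump from `openssl x509 -text` as a SEC 1 point.
import re

# NIST P-256 (prime256v1) domain parameters: field prime p, coefficient b, group order n.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

# The pub: lines exactly as shown in the message.
PUB_DUMP = """
04:89:9e:f7:b0:fa:69:b7:e3:1b:62:e8:a5:97:56:
68:4b:36:74:fe:df:e7:f8:fe:a8:a2:0b:a8:2b:a3:
2c:80:d1:6f:4e:00:b8:70:92:b1:2b:20:e9:ff:c4:
f2:10:76:72:4c:34:80:30:a3:37:b5:60:e1:a4:a7:
07:e0:f8:2a:9e
"""

def parse_dump(text):
    """Turn colon-separated hex (any line wrapping) into bytes."""
    return bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", text))

def decode_point(encoded, field_bytes=32):
    """Split an uncompressed SEC 1 point (0x04 || X || Y) into integers."""
    if len(encoded) != 1 + 2 * field_bytes or encoded[0] != 0x04:
        raise ValueError("not an uncompressed point for this field size")
    x = int.from_bytes(encoded[1:1 + field_bytes], "big")
    y = int.from_bytes(encoded[1 + field_bytes:], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate outside the field")
    return x, y

def on_curve(x, y):
    """Check y^2 = x^3 - 3x + b (mod p), the P-256 curve equation."""
    return (y * y - (x * x * x - 3 * x + B)) % P == 0

def compress(x, y, field_bytes=32):
    """SEC 1 compressed form: 0x02/0x03 (parity of Y) followed by X only."""
    return bytes([2 + (y & 1)]) + x.to_bytes(field_bytes, "big")

def size_report(text):
    """Sizes in bits: the encoded point, its compressed form, the curve order."""
    raw = parse_dump(text)
    x, y = decode_point(raw)
    return {"encoded_bits": len(raw) * 8,
            "coordinate_bits": (len(raw) - 1) * 8,
            "compressed_bits": len(compress(x, y)) * 8,
            "order_bits": N.bit_length(),
            "on_curve": on_curve(x, y)}

if __name__ == "__main__":
    print(size_report(PUB_DUMP))
```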