Re: Why x509 displays ECDSA pub. key size two times less than actual?
On 25/08/12 22:48, Andrey Kulikov wrote:
> Is this behavior a bug, or a convention documented somewhere?
> I've studied FIPS 180-3, SP 800-57 and SEC 1: Elliptic Curve Cryptography
> but didn't find any indications of such conventions.
> Maybe I overlooked something?

By convention the key size for ECC is given as the number of bits in the order. E.g. see table 3 in SEC 1.

Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org

Re: Why x509 displays ECDSA pub. key size two times less than actual?
> By convention the key size for ECC is given as the number of bits in the order.
> E.g. see table 3 in SEC 1.

Could you please provide a reference to a document defining this convention?
Unfortunately, table 3 in section B.2.1 of SEC 1 (both v1 and v2) shows only a comparison of the security levels of different algorithms, and is not related to the question.

Re: Why x509 displays ECDSA pub. key size two times less than actual?
On 26/08/12 14:50, Andrey Kulikov wrote:
>> By convention the key size for ECC is given as the number of bits in the order.
>> E.g. see table 3 in SEC 1.
>
> Could you please provide a reference to a document defining this convention?
> Unfortunately, table 3 in section B.2.1 of SEC 1 (both v1 and v2) shows only
> a comparison of the security levels of different algorithms, and is not
> related to the question.

Well, I was offering table 3 merely as an example of where this convention is used. Table 3 is comparing different key sizes for different types of algorithm (it is labeled as "Comparable key sizes"). For ECC the key size is stated to be the size of n in bits (where n is the order).

Matt

Re: Why x509 displays ECDSA pub. key size two times less than actual?
> For ECC the key size is stated to be the size of n in bits (where n is the order).

'n' is the order of the base point 'G' on the EC, i.e. the size of the private key (which should be in the range [1; n-1]), not the public one. Thus, I understand that it is the size of the EC private key 'd' that is shown in table 3 in SEC 1.

Re: Why x509 displays ECDSA pub. key size two times less than actual?
On 26/08/12 16:15, Andrey Kulikov wrote:
>> For ECC the key size is stated to be the size of n in bits (where n is the order).
>
> 'n' is the order of the base point 'G' on the EC, i.e. the size of the
> private key (which should be in the range [1; n-1]), not the public one.
> Thus, I understand that it is the size of the EC private key 'd' that is
> shown in table 3 in SEC 1.

Correct. This is what is normally referred to when you are talking about key size within ECC, i.e. in your X509 output it is showing the public key data associated with a 256 bit private key... even though the public key data itself is longer (because it is in uncompressed form).

Talking about the bit-length of the public key data is not particularly helpful because it depends on whether it is in compressed format or not.

By the way, this topic is probably better placed on the openssl-users list.

Matt

Re: Why x509 displays ECDSA pub. key size two times less than actual?
> Talking about the bit-length of the public key data is not particularly
> helpful because it depends on whether it is in compressed format or not.

Sorry, but the size of a public key does not depend on the size of its representation. It can be compressed, Base64 encoded, etc., but that does not change the size of the original data.

The x509 command output was mentioned only as an example. The aim was to understand why OpenSSL (and not only OpenSSL) considers the size of something to be half of its actual size, while displaying the data itself, at its proper size, on the next line.

The title for this data is 'Public key', not 'Size of private key, public key in this certificate related to', which throws my programmer's mind into cognitive dissonance.

Is it a bug, a feature, or a [yet] hidden convention?

Re: Why x509 displays ECDSA pub. key size two times less than actual?
On 26/08/12 16:51, Andrey Kulikov wrote:
>> Talking about the bit-length of the public key data is not particularly
>> helpful because it depends on whether it is in compressed format or not.
>
> Sorry, but the size of a public key does not depend on the size of its
> representation. It can be compressed, Base64 encoded, etc., but that does
> not change the size of the original data.

Well, if you are not talking about the bit length of a particular representation, then it is no longer clear what you mean by the size of the original data. What size are you referring to if not the size of a representation? Perhaps you mean the entropy (as per Claude Shannon - Information Theory). This is the only invariant I can think of in terms of expressing the size of the original data. In which case the number of bits would be the same as the compressed representation. As I said, it's not particularly helpful to talk about the bit-length of the public key data.

> The x509 command output was mentioned only as an example. The aim was to
> understand why OpenSSL (and not only OpenSSL) considers the size of
> something to be half of its actual size, while displaying the data itself,
> at its proper size, on the next line.

As I said before, it is convention when talking about a key size to mean the number of bits in the order (i.e. the size of the private key). Perhaps the output is a little misleading if you are unfamiliar with the convention... but the same could be said about a lot of stuff in the crypto world!! Personally, I think the output is reasonable.

> The title for this data is 'Public key', not 'Size of private key, public
> key in this certificate related to', which throws my programmer's mind
> into cognitive dissonance.
>
> Is it a bug, a feature, or a [yet] hidden convention?

Re: Why x509 displays ECDSA pub. key size two times less than actual?
> As I said before, it is convention when talking about a _key size_ to mean
> the number of bits in the order (i.e. the size of the private key).

If we are talking about just 'key size', then yes, we assume private key size. But I've never heard of a convention to assume that for ECC the public key size is equal to the private key size. If this convention is defined, or at least mentioned somewhere, it would be wonderful to have a reference to this document.