[openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2016-06-10 Thread Rich Salz via RT
There is no bug here. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=2782 Please log in as guest with password guest if prompted

Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Tamir Khason via RT
Please see decrypted private key http://pastebin.com/DzYLnHZT On Mon, Apr 2, 2012 at 11:08 PM, Wim Lewis via RT r...@openssl.org wrote: On 2 Apr 2012, at 10:21 AM, Tamir Khason via RT wrote: Please see attached good and bad example + plain dump for both The attached file was corrupted at

Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Erwann Abalea
On 03/04/2012 09:38, Tamir Khason via RT wrote: Please see decrypted private key http://pastebin.com/DzYLnHZT Thanks. You didn't provide information on where you think the error is, precisely. I'll base my answer on your previous posts. You started to say that the coefficients should be

Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Erwann Abalea via RT
On 03/04/2012 09:38, Tamir Khason via RT wrote: Please see decrypted private key http://pastebin.com/DzYLnHZT Thanks. You didn't provide information on where you think the error is, precisely. I'll base my answer on your previous posts. You started to say that the coefficients should be

Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Tamir Khason via RT
It seemed that we are speaking about different things. In certificate I pasted, integers used for exponent1, exponent2 and coefficient encoded with different lengths. In chapter 8.3 of ISO 8825 there is clear statement of how integer values should be encoded. All need is to take those numbers from

Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Peter Sylvester
On 04/03/2012 11:34 AM, Tamir Khason via RT wrote: It seemed that we are speaking about different things. In certificate I pasted, integers used for exponent1, exponent2 and coefficient encoded with different lengths. In chapter 8.3 of ISO 8825 there is clear statement of how integer values

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Tamir Khason
Erwann, Peter This is right, but all numbers are integers and should be encoded accordingly. If encoding assuming fixed size integers, it should use length octets, if not end-of-contents octets. At least this is how I read 8.1 from ASN.1 spec

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Tamir Khason
Maybe I have failed to explain myself. DER encoding says how to encode numbers, RSA key elements define what those numbers are. So integers from RSA key should be encoded according to ASN1 DER encoding, which means they should have either length octets or end-of-contents octets On Mon, Apr 2, 2012 at

Re: [openssl-dev] Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Peter Sylvester via RT
On 04/03/2012 11:34 AM, Tamir Khason via RT wrote: It seemed that we are speaking about different things. In certificate I pasted, integers used for exponent1, exponent2 and coefficient encoded with different lengths. In chapter 8.3 of ISO 8825 there is clear statement of how integer values

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-03 Thread Wim Lewis
On 3 Apr 2012, at 2:34 AM, Tamir Khason via RT wrote: It seemed that we are speaking about different things. In certificate I pasted, integers used for exponent1, exponent2 and coefficient encoded with different lengths. Yes. This is OK. In fact, it is required by DER (ISO 8825, etc). In

[openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Tamir Khason via RT
There is a bug in ASN.1 DER serializer used to generate RSA private keys. It trims trailing zeros despite the DER specification. Please see the full info and reproduction steps in my blog http://khason.net/dev/openssl-bug-or-why-some-private-keys-cannot-be-used-for-net/#comments -- Tamir

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea
Hello, On 02/04/2012 13:21, Tamir Khason via RT wrote: There is a bug in ASN.1 DER serializer used to generate RSA private keys. It trims trailing zeros despite the DER specification. Please see the full info and reproduction steps in my blog

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea via RT
Hello, On 02/04/2012 13:21, Tamir Khason via RT wrote: There is a bug in ASN.1 DER serializer used to generate RSA private keys. It trims trailing zeros despite the DER specification. Please see the full info and reproduction steps in my blog

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Tamir Khason via RT
Hello, Erwann This is not related to .NET. Integer is not only value, but also size. Both exponents and its coefficients should be the same length (according to the RSA definition, both integers) so those numbers should be serialized into ASN1_INTEGER. In for some reason, you want to have integer with

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Mounir IDRASSI
Hi, I'm afraid Erwann is right: you are mistaken in your understanding of RSA and DER encoding rules. RSA specifies the size of the modulus and its two primes (in order to be immune against some factoring attacks) but it says nothing about the size of the exponents. Erwann's explanation of

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Peter Sylvester
On 04/02/2012 03:28 PM, Tamir Khason via RT wrote: Hello, Erwann This is not related to .NET. Integer is not only value, but also size. Both exponents and its coefficients should be the same length (according to the RSA definition, both integers) so those numbers should be serialized into ASN1_INTEGER.

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Peter Sylvester via RT
On 04/02/2012 03:28 PM, Tamir Khason via RT wrote: Hello, Erwann This is not related to .NET. Integer is not only value, but also size. Both exponents and its coefficients should be the same length (according to the RSA definition, both integers) so those numbers should be serialized into

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea
Hello, There's no optimization here. Consider the following 256bits RSA key components, following the RSA definition. p=FD647F21207C128078ED4D815C13BA43 q=D332E9F0E5D1661C4D16DB92A1B2D00B e=10001 You then have n, the modulus, equal to p*q, which is

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea via RT
Hello, There's no optimization here. Consider the following 256bits RSA key components, following the RSA definition. p=FD647F21207C128078ED4D815C13BA43 q=D332E9F0E5D1661C4D16DB92A1B2D00B e=10001 You then have n, the modulus, equal to p*q, which is

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Tamir Khason via RT
Erwann, Peter This is right, but all numbers are integers and should be encoded accordingly. If encoding assuming fixed size integers, it should use length octets, if not end-of-contents octets. At least this is how I read 8.1 from ASN.1 spec

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea
Tamir, What are you talking about? DER encoding doesn't say anything about how the length of RSA key elements compare to each other. Read X.690 again, and PKCS#1 also. If you still come to the same conclusion, re-read again, and again, and again. Le 02/04/2012 17:09, Tamir Khason via RT

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea via RT
Tamir, What are you talking about? DER encoding doesn't say anything about how the length of RSA key elements compare to each other. Read X.690 again, and PKCS#1 also. If you still come to the same conclusion, re-read again, and again, and again. Le 02/04/2012 17:09, Tamir Khason via RT a

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Tamir Khason via RT
Maybe I have failed to explain myself. DER encoding says how to encode numbers, RSA key elements define what those numbers are. So integers from RSA key should be encoded according to ASN1 DER encoding, which means they should have either length octets or end-of-contents octets On Mon, Apr 2, 2012 at

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Peter Sylvester
On 04/02/2012 06:34 PM, Tamir Khason via RT wrote: Maybe I have failed to explain myself. DER encoding says how to encode numbers, RSA key elements define what those numbers are. So integers from RSA key should be encoded according to ASN1 DER encoding, which means they should have either length octets

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Peter Sylvester via RT
On 04/02/2012 06:34 PM, Tamir Khason via RT wrote: Maybe I have failed to explain myself. DER encoding says how to encode numbers, RSA key elements define what those numbers are. So integers from RSA key should be encoded according to ASN1 DER encoding, which means they should have either length

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea
Tamir, DER encoding forbids you to use end-of-content octets. PKCS#1 defines RSA key elements, and doesn't say that exponent1, exponent2 and coefficient to be the same size. If you still think you have found a bug in OpenSSL encoding of an RSA private key, please send this object (in its

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea via RT
Tamir, DER encoding forbids you to use end-of-content octets. PKCS#1 defines RSA key elements, and doesn't say that exponent1, exponent2 and coefficient to be the same size. If you still think you have found a bug in OpenSSL encoding of an RSA private key, please send this object (in its PEM

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea
On 02/04/2012 19:21, Tamir Khason via RT wrote: Please see attached good and bad example + plain dump for both The attached file has been badly altered. It seems all 0x7f-0xff bytes have been transformed into '?'. Just place the PEM content of your supposedly bad object in the body of a

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Erwann Abalea via RT
On 02/04/2012 19:21, Tamir Khason via RT wrote: Please see attached good and bad example + plain dump for both The attached file has been badly altered. It seems all 0x7f-0xff bytes have been transformed into '?'. Just place the PEM content of your supposedly bad object in the body of a

Re: [openssl-dev] [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Tamir Khason via RT
-BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,520C9220482FFE08 aCxfnQ1IRiNaCCH3cU11XUeh7Ug/MoHnSBaCCL+mMOkFfVfDR8ppe6UNDa25nn5g PpcJLeC6h+SkLq/i8BUf/ID06R2bbPAe+6Ki5SbdxsnnldEMVArMelBK163c5PYP 2atOiaA0ACckXvFW/MQIzbhfPCOsn9Yd3kIE4tvd9QRt0Uwe1U0MsUqTWACVmaqp

Re: [openssl.org #2782] BUG report: RSA private key serializer

2012-04-02 Thread Wim Lewis via RT
On 2 Apr 2012, at 10:21 AM, Tamir Khason via RT wrote: Please see attached good and bad example + plain dump for both The attached file was corrupted at some point in the mail ... perhaps you could put it on your website? I couldn't read the PEM file you posted either because it was