RE: rsa key generation issue/question

2007-08-10 Thread David Schwartz

 I am not familiar with ASN.1, or any of the specifics of which the rsa
 key is generated. It just seemed as it should not be so.
  What is the ASN.1 encoding, and how is it used?

The vast majority of file formats begin with a header that is similar or
identical for files that contain different data of the same type.

The same is true for most human documents. If you had thirteen parking
violations issued by the same officer, their first several words likely
would be identical.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


AW: rsa key generation issue/question

2007-08-10 Thread Steffen DETTMER
 I am not familiar with ASN.1, or any of the specifics of which the rsa
 key is generated. It just seemed as it should not be so.
  What is the ASN.1 encoding, and how is it used?

The ASN.1 encoding is the Basic Encoding Rules for ASN.1, with ASN.1 being
the Abstract Syntax Notation Number One; actually, in practice, instead
of the Basic Encoding Rules (BER) the Distinguished Encoding Rules (DER) are
used because they are easier to work with. DER is sometimes called TLV
or tag-length-value. Hex 30 820139 AABBCCDD... would be a tag 30 (a
tag can become arbitrarily many bytes long, basically as long as the MSB is 1),
length 820139, which means 8x (MSB set, the rest is the number of bytes of the
length field, here two) 0139, so 0x138 bytes should follow, starting with AABBCC
in the example.

If you would have a web browser, you could read
http://en.wikipedia.org/wiki/ASN.1
so I recommend to install one ;)

oki,

Steffen
 


rsa key generation issue/question

2007-08-09 Thread Patrick Parsons
 Hello,
 I have noticed when generating rsa keys that the first 10 digits or so are
identical or nearly identical. Is this normal or is something wrong? Does
this issue occur for anyone else?
  The version of openssl I am using is openssl-0.9.8b-8.3.fc6 and I am using
-rand /dev/urandom to seed the random number generator.


Re: rsa key generation issue/question

2007-08-09 Thread jimmy bahuleyan
Patrick Parsons wrote:
  Hello,
  I have noticed when generating rsa keys that the first 10 digits or so are
 identical or nearly identical. Is this normal or is something wrong? Does
 this issue occur for anyone else?

could you post the bytes that you're referring to. (my guess is that
it's the ASN.1 stuff again)

-jb
-- 
Tact is the art of making a point without making an enemy.


Re: rsa key generation issue/question

2007-08-09 Thread Marek Marcola
Hello,
  I have noticed when generating rsa keys that the first 10 digits or
 so are identical or nearly identical. Is this normal or is something
 wrong? Does this issue occur for anyone else?
   The version of openssl I am using is openssl-0.9.8b-8.3.fc6 and I am
 using -rand /dev/urandom to seed the random number generator.
This is part of ASN.1 encoding (0x30...).

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]



Re: rsa key generation issue/question

2007-08-09 Thread Patrick Parsons
 These are the first few bytes of the key. Here they are from 10 keys
generated with the command: openssl genrsa -rand /dev/urandom
MIIBOwIBAAJ
MIIBOgIBAAJ
MIIBPAIBAAJ
MIIBPQIBAAJ
MIIBOgIBAAJ
MIIBOgIBAAJ
MIIBOQIBAAJ
MIIBOwIBAAJ
MIIBOwIBAAJ
MIIBOwIBAAJ

On 8/9/07, jimmy bahuleyan [EMAIL PROTECTED] wrote:

 Patrick Parsons wrote:
   Hello,
   I have noticed when generating rsa keys that the first 10 digits or so are
  identical or nearly identical. Is this normal or is something wrong? Does
  this issue occur for anyone else?

 could you post the bytes that you're referring to. (my guess is that
 it's the ASN.1 stuff again)

 -jb
 --
 Tact is the art of making a point without making an enemy.


Re: rsa key generation issue/question

2007-08-09 Thread Patrick Parsons
Looks like this may be the issue, a flaw in the key generation algorithm.
https://www.kb.cert.org/vuls/id/724968


Re: rsa key generation issue/question

2007-08-09 Thread Marek Marcola
Hello,
 Looks like this may be the issue, a flaw in the key generation algorithm.
 https://www.kb.cert.org/vuls/id/724968
Probably not, this is a flaw in Montgomery multiplication, which is used
in modular exponentiation. Of course modular exponentiation is used
in the key generation process in the p,q prime test (Miller-Rabin),
but this simply looks like ASN.1 encoding:

$ echo MIIBOQIB | openssl base64 -d | hexdump -C
  30 82 01 39 02 01   |0..9..|
0006

or (with some dirty hack) we may try to decode these 6 bytes:

$ echo MIIBOQIB | (openssl base64 -d; dd if=/dev/urandom bs=1 count=2000) | openssl asn1parse -inform der
2000+0 records in
2000+0 records out
0:d=0  hl=4 l= 313 cons: SEQUENCE
4:d=1  hl=2 l=   1 prim: INTEGER   :2C
Error in encoding
18407:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:



Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]



Re: rsa key generation issue/question

2007-08-09 Thread Patrick Parsons
I am not familiar with ASN.1, or any of the specifics of which the rsa
key is generated. It just seemed as it should not be so.
 What is the ASN.1 encoding, and how is it used?

On 8/9/07, Marek Marcola [EMAIL PROTECTED] wrote:
 Hello,
  Looks like this may be the issue, a flaw in the key generation algorithm.
  https://www.kb.cert.org/vuls/id/724968
 Probably not, this is a flaw in Montgomery multiplication, which is used
 in modular exponentiation. Of course modular exponentiation is used
 in the key generation process in the p,q prime test (Miller-Rabin),
 but this simply looks like ASN.1 encoding:

 $ echo MIIBOQIB | openssl base64 -d | hexdump -C
   30 82 01 39 02 01   |0..9..|
 0006

 or (with some dirty hack) we may try to decode these 6 bytes:

 $ echo MIIBOQIB | (openssl base64 -d; dd if=/dev/urandom bs=1 count=2000) | openssl asn1parse -inform der
 2000+0 records in
 2000+0 records out
 0:d=0  hl=4 l= 313 cons: SEQUENCE
 4:d=1  hl=2 l=   1 prim: INTEGER   :2C
 Error in encoding
 18407:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:



 Best regards,
 --
 Marek Marcola [EMAIL PROTECTED]



Re: rsa key generation issue/question

2007-08-09 Thread Marek Marcola
Hello,
 I am not familiar with ASN.1, or any of the specifics of which the rsa
 key is generated. It just seemed as it should not be so.
  What is the ASN.1 encoding, and how is it used?
An RSA private key is a set of big numbers: n, d, e, p, q, dmp1, dmq1, iqmp
(this is not one number).
When these numbers are saved to a file there must be some method
to distinguish these numbers. For RSA keys ASN.1 coding is used.
For more information you may read the PKCS#1 standard; in appendix A
you will find the ASN.1 structure of the private key.

Best regards,
-- 
Marek Marcola [EMAIL PROTECTED]
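
Added example (not code from any poster in this thread): the Python below decodes the ten key prefixes quoted earlier in the thread and walks the DER tag-length-value headers the replies describe, showing that the only byte that differs between keys is the low byte of the outer SEQUENCE length. The function names are invented for this illustration.

```python
import string

# Key prefixes quoted from the thread (first 11 base64 characters of ten keys).
PREFIXES = ["MIIBOwIBAAJ", "MIIBOgIBAAJ", "MIIBPAIBAAJ", "MIIBPQIBAAJ", "MIIBOgIBAAJ",
            "MIIBOgIBAAJ", "MIIBOQIBAAJ", "MIIBOwIBAAJ", "MIIBOwIBAAJ", "MIIBOwIBAAJ"]
B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
TAGS = {0x30: "SEQUENCE", 0x02: "INTEGER"}

def b64_prefix_bytes(text):
    """Decode a base64 fragment of any length, keeping only the complete bytes."""
    bits = "".join(format(B64.index(c), "06b") for c in text)
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def read_header(buf, pos):
    """Return (tag, length, header_len) of the DER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return tag, first, 2
    count = first & 0x7F                  # long form: low 7 bits = number of length bytes
    if count == 0 or pos + 2 + count > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + count], "big"), 2 + count

def describe(prefix):
    """Walk the start of the key: outer SEQUENCE, version INTEGER, next tag."""
    buf = b64_prefix_bytes(prefix)
    tag, seq_len, hl = read_header(buf, 0)
    _vtag, vlen, vhl = read_header(buf, hl)
    version = int.from_bytes(buf[hl + vhl:hl + vhl + vlen], "big")
    next_tag = buf[hl + vhl + vlen]       # tag of the next number; its length is cut off
    return {"outer": TAGS[tag], "seq_len": seq_len, "version": version,
            "next": TAGS[next_tag], "hex": buf.hex(" ")}

def varying_offsets(prefixes):
    """Byte offsets at which the decoded prefixes are not all identical."""
    rows = [b64_prefix_bytes(p) for p in prefixes]
    return [i for i in range(len(rows[0])) if len({r[i] for r in rows}) > 1]

if __name__ == "__main__":
    for p in PREFIXES:
        print(p, describe(p))
    print("offsets that differ:", varying_offsets(PREFIXES))
```

The total length moves by a few bytes from key to key because DER stores each INTEGER in the minimum number of bytes, so the random key material only starts after these fixed header bytes.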
