On 04/04/2015 04:07, Mabry Tyson wrote: > I happened to notice what seems to be an output glitch in the textual > output of a certificate. > > I received a copy of the QuoVadis Root CA 2 certificate as a file. > When I examined the certificate via > openssl x509 -text -in /tmp/QV.cer (using OpenSSL 1.0.1 14 Mar > 2012 as installed in Ubuntu 14.04) > I noticed an extra first zero byte of the Modulus was shown, as > compared to the display of that certificate in Firefox. > >> Certificate: >> Data: >> Version: 3 (0x2) >> Serial Number: 1289 (0x509) >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 >> ... >> Subject Public Key Info: >> Public Key Algorithm: rsaEncryption >> Public-Key: (4096 bit) >> Modulus: >> 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f: >> ... >> 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8: >> eb:1d:5b > I believe there should be 4096/8 = 512 bytes in that modulus. There > are 15 bytes shown per line. 512/15 = 34 with a remainder of 2. This > output shows 513 bytes (34 lines plus a remainder of 3). > > This is a consequence of the ASN.1 DER/BER encoding rules: All INTEGER fields are signed, so when the most significant bit of a 2048 bit value is set, then it needs to be encoded and processed with an extra leading 0 byte. OpenSSL displays that leading 0 byte, while NSS (used by Firefox) apparently hides it. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
