Modulus field in text display of a certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/04/2015 04:07, Mabry Tyson wrote:
> I happened to notice what seems to be an output glitch in the textual 
> output of a certificate.
>
> I received a copy of the QuoVadis Root CA 2 certificate as a file. 
> When I examined the certificate via
>     openssl x509 -text -in /tmp/QV.cer    (using OpenSSL 1.0.1 14 Mar 
> 2012 as installed in Ubuntu 14.04)
> I noticed an extra first zero byte of the Modulus was shown, as 
> compared to the display of that certificate in Firefox.
>
>> Certificate:
>>     Data:
>>         Version: 3 (0x2)
>>         Serial Number: 1289 (0x509)
>>     Signature Algorithm: sha1WithRSAEncryption
>>         Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
>> ...
>>        Subject Public Key Info:
>>             Public Key Algorithm: rsaEncryption
>>                 Public-Key: (4096 bit)
>>                 Modulus:
>> 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f:
>> ...
>> 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8:
>>                     eb:1d:5b
> I believe there should be 4096/8  = 512 bytes in that modulus. There 
> are 15 bytes shown per line.  512/15 = 34 with a remainder of 2.  This 
> output shows 513 bytes (34 lines plus a remainder of 3).
>
>
This is a consequence of the ASN.1 DER/BER encoding rules:
All INTEGER fields are signed, so when the most significant
bit of a 2048 bit value is set, then it needs to be encoded
and processed with an extra leading 0 byte.

OpenSSL displays that leading 0 byte, while NSS (used by
Firefox) apparently hides it.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux