The private key is a random integer in [1, p-1], not in [2^(log2(p)-1), (2^log2(p))-1]. In DER, an INTEGER is always expressed using the smallest possible number of octets. "001a" is an integer equal to "00000000001a", but it will be represented as "1a". -- Erwann ABALEA Le 24/03/2015 12:10, Annie Yousar a ?crit : > Dear all, > this should not have happened: > > $ for i in `seq 1 1000` ; do if [ "x`openssl ecparam -genkey -name > prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != " x" ]; > then echo; cat key.pem;else echo -n "."; fi; done > .................................................................................... > -----BEGIN EC PRIVATE KEY----- > MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D > AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8 > fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY > -----END EC PRIVATE KEY----- > ............................................................................ > ... > > Conforming to the standards the EC private key has always a fixed length, > defined by the group order. > > Regards, > Ann. > > > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
