> On Dec 14, 2017, at 1:11 PM, Ken Goldman <kgoldman@xxxxxxxxxx> wrote:
>
> I generate a key and self signed certificate like this:
>
> > openssl genrsa -out cakey.pem -aes256 -passout pass:rrrr 2048
> > openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
>
> When I dump the certificate, I see
> ....
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (2058 bit)
>                 Modulus:
>                     02:b1:4c:dd:59:4d:72:8d:93:4b:e5:07:89:53:f7:
> ....
>
> Why 2058 - 10 extra bits? I know that, at times, ASN.1 DER needs an extra byte to make a number positive, but 10 bits?

What version of OpenSSL is this? When I try this with OpenSSL 1.1.0 I get:

    $ openssl version
    OpenSSL 1.1.0h-dev xx XXX xxxx

    $ for i in $(seq 20); do
        openssl req -nodes -new -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/CN=Root CA" 2>/dev/null;
        openssl x509 -text -in cacert.pem | grep 'Public-Key:';
      done
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)
    Public-Key: (2048 bit)

Same results with master from git.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
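An added example, not part of the thread: a minimal DER INTEGER decoder showing that the bit length of a modulus is counted on the integer's value, so the 0x00 sign-padding octet adds a byte to the encoding without adding bits, while a modulus whose first octet is 0x02 and that reports 2058 bits occupies 258 octets. The helper names and both moduli are constructed for illustration; only the leading `02:b1` and the 2058-bit figure are taken from the quoted dump.

```python
def der_integer(value: int) -> bytes:
    """Encode a non-negative int as a DER INTEGER (used to build test input)."""
    # Minimal two's-complement length: always leaves room for a 0 sign bit.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(body) < 128:
        length = bytes([len(body)])                      # short form
    else:
        lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb            # long form
    return b"\x02" + length + body


def parse_der_integer(buf: bytes):
    """Decode one DER INTEGER; return (value, content_octets)."""
    if len(buf) < 2 or buf[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, pos = buf[1], 2
    if length & 0x80:                                    # long-form length
        n = length & 0x7F
        if n == 0 or len(buf) < 2 + n:
            raise ValueError("bad length field")
        length = int.from_bytes(buf[2:2 + n], "big")
        pos = 2 + n
    content = buf[pos:pos + length]
    if length == 0 or len(content) != length:
        raise ValueError("truncated INTEGER")
    return int.from_bytes(content, "big", signed=True), content


def modulus_report(der: bytes):
    """Return (content length in octets, first content octet, bit length)."""
    value, content = parse_der_integer(der)
    return len(content), content[0], value.bit_length()


# Constructed 2048-bit modulus with the top bit set: DER prepends 0x00.
N_2048 = (1 << 2047) | 1
# Constructed value starting 02:b1 like the dump in the question.
N_2058 = (0x02B1 << 2048) | 1

if __name__ == "__main__":
    for name, n in (("2048-bit", N_2048), ("02:b1-prefixed", N_2058)):
        octets, first, bits = modulus_report(der_integer(n))
        print(f"{name}: {octets} content octets, first 0x{first:02x}, {bits} bit")
```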