On 12/14/2017 1:34 PM, Viktor Dukhovni wrote:
On Dec 14, 2017, at 1:11 PM, Ken Goldman <kgoldman@xxxxxxxxxx> wrote:
I generate a key and self signed certificate like this:
openssl genrsa -out cakey.pem -aes256 -passout pass:rrrr 2048
openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
When I dump the certificate, I see
....
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2058 bit)
Modulus:
02:b1:4c:dd:59:4d:72:8d:93:4b:e5:07:89:53:f7:
....
Why 2058 - 10 extra bits? I know that, at times, ASN.1 DER needs an extra byte to make a number positive, but 10 bits?
What version of OpenSSL is this? When I try this with OpenSSL 1.1.0 I get:
$ openssl version
OpenSSL 1.1.0h-dev xx XXX xxxx
$ for i in $(seq 20); do openssl req -nodes -new -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/CN=Root CA" 2>/dev/null; openssl x509 -text -in cacert.pem | grep 'Public-Key:'; done
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Same results with master from git.
OpenSSL 1.0.1e-fips 11 Feb 2013 - and I get the same results as you for
1000's of passes. So, apparently, something strange happened to the one
key that I generated for my CA.
It feels like some random leading zero case, but I can't reproduce it
with another key.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
