You need to do base64 decoding to find out the real size of the ASN.1 encoded data. Tomas Mraz, OpenSSL On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote: > hi, > > please check the following : > > ===================================================================== > ===================== > $ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem > using curve name prime256v1 instead of secp256r1 > $ cat pvtkey.pem > -----BEGIN EC PARAMETERS----- > BggqhkjOPQMBBw== > -----END EC PARAMETERS----- > -----BEGIN EC PRIVATE KEY----- > MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49 > AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8 > UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ== > -----END EC PRIVATE KEY----- > $ openssl ec -in pvtkey.pem -pubout > read EC key > writing EC key > -----BEGIN PUBLIC KEY----- > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ== > -----END PUBLIC KEY----- > ===================================================================== > ===================== > > sizeof private key is 164 bytes and the public key is 124 bytes. > > > Thanks & Regards > -- > Lokesh Chakka. > > > On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz <tomas@xxxxxxxxxxx> wrote: > > Hi Lokesh, > > > > I am not sure how do you count the sizes of 164 bytes and 124 bytes > > for > > the pem files. > > > > If I use -outform DER (and use -noout with the ecparam to avoid > > outputting the params because the private key already contains info > > about the params used) I see the following sizes for the DER > > encoded > > data: > > > > private key: 121 bytes > > public key: 91 bytes > > > > Given both files contain information about the group used and other > > ASN.1 encoding related stuff, and that the private key file > > contains 32 > > bytes of the private key but also the encoded uncompressed public > > key > > of 65 bytes, this is fully expected. > > > > Tomas Mraz, OpenSSL > > > > On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote: > > > hello, > > > > > > I'm trying to generate public/private keys with following > > > commands: > > > > > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem > > > openssl ec -in pvtkey.pem -pubout > > > > > > I'm seeing the sizeof private key as 164 bytes and public key as > > > 124 > > > bytes. > > > > > > In a wireshark capture( attached ), I'm seeing key length as 65 > > > bytes. > > > > > > Can someone help me understand why the difference? > > > > > > Thanks & Regards > > > -- > > > Lokesh Chakka. > > -- Tomáš Mráz, OpenSSL
