> From: [email protected] On Behalf Of Henrik Ziegeldorf
> Sent: Tuesday, 14 December, 2010 10:35
> I observed, the output of [DSA] keys contains leading zeros for
> priv, pub, P and Q but not for G (see example below). <snip>
> Furthermore, whenever working with the openssl code directly,
> I don't get those leading zeros.

0. The bignums used in the code are unpadded, and values you
directly fetch or store (at the API) don't need padding.
1. commandline dsa -text uses DSA_print which uses do_dsa_print
which uses ASN1_bn_print which adds 00 if the high bit of the number
is set, which is the same condition when ASN.1 (BER/DER) encoding
needs to add 00. From the (location and) name this routine obviously
intends to partly (but not fully) mimic ASN.1; I don't know why.
2. P and Q are full-size and will always have their high-bit set and
be padded. G, Y and X are effectively random in the group and subgroup
respectively, so they may or may not have high bit set and be padded.
Depending on P and Q they may be a little more likely (<51%)
to a lot more likely (>99%) to have high bit clear and no pad.
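
The pad rule from point 1 and the likelihood range from point 2, as an added example that is not part of the original message and is not OpenSSL's code. The function names, the sample byte strings and the one-byte toy moduli 251 and 131 are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample magnitudes (big-endian, unpadded), not real key values. */
const unsigned char SAMPLE_P[] = {0xc3, 0x12};  /* top bit set   */
const unsigned char SAMPLE_G[] = {0x7f, 0x12};  /* top bit clear */

/* The rule from point 1: a leading 00 is needed exactly when the top bit of
   the first byte is set, so an ASN.1 INTEGER would not be read as negative. */
int needs_pad(const unsigned char *mag, size_t len) {
    return len > 0 && (mag[0] & 0x80) != 0;
}

/* Length of the value once the pad rule has been applied. */
size_t padded_len(const unsigned char *mag, size_t len) {
    return len + (size_t)needs_pad(mag, len);
}

/* Print colon-separated hex, with the 00 pad where the rule asks for it. */
void print_padded(const char *name, const unsigned char *mag, size_t len) {
    printf("%s: %s", name, needs_pad(mag, len) ? "00:" : "");
    for (size_t i = 0; i < len; i++)
        printf("%02x%s", mag[i], i + 1 < len ? ":" : "\n");
}

/* Toy model of point 2 with a one-byte modulus p (assumption: 128 < p < 256,
   so p itself has its top bit set): how many of 1..p-1 print without a pad. */
unsigned unpadded_count(unsigned p) {
    unsigned count = 0;
    for (unsigned v = 1; v < p; v++) {
        unsigned char b = (unsigned char)v;
        if (!needs_pad(&b, 1)) count++;
    }
    return count;
}

int main(void) {
    print_padded("P", SAMPLE_P, sizeof SAMPLE_P);
    print_padded("G", SAMPLE_G, sizeof SAMPLE_G);
    /* p near 2^8: about half unpadded; p just above 2^7: nearly all. */
    printf("p=251: %u of 250 unpadded\n", unpadded_count(251));
    printf("p=131: %u of 130 unpadded\n", unpadded_count(131));
    return 0;
}
```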