On Mon, Jan 14, 2013, Dave Thompson wrote:

>
> OpenSSL non-engine will not *use* a key >16384 for RSA
> public operations (encrypt, verify) at all, and will not
> use one >3072 with a "large" public exponent e (>64 bits).
> OpenSSL can't generate with e > usually 32 bits, but this
> could be an issue for interoperation -- or DoS attack.
>

Minor point, the older RSA_generate_key function uses an unsigned long value for the exponent e and so is limited by that. The function RSA_generate_ex takes a BIGNUM value so isn't restricted and the EVP_PKEY interface to RSA can also take a BIGNUM.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
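
The size limits quoted in this thread can be applied as a pre-check on a peer-supplied RSA public key before any verification is attempted. The following is an added example, not part of the thread and not OpenSSL code: it parses a DER `RSAPublicKey` and applies the quoted thresholds, read here as bit lengths. All function names are hypothetical and the sample inputs are constructed integers, not real keys.

```python
# Limits as quoted in the thread, read here as bit lengths.
MAX_MODULUS_BITS = 16384    # above this: no public-key operation at all
SMALL_MODULUS_BITS = 3072   # above this: exponent must not be "large"
MAX_PUBEXP_BITS = 64        # "large" exponent threshold

def _read_tlv(buf, pos):
    """Decode one DER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long-form length
        k = length & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Parse PKCS#1 RSAPublicKey: SEQUENCE { INTEGER n, INTEGER e }."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE")
    t_n, n_raw, pos = _read_tlv(body, 0)
    t_e, e_raw, pos = _read_tlv(body, pos)
    if (t_n, t_e) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def screen_public_key(der):
    """Return 'ok' or a rejection reason, before any RSA math is done."""
    n, e = parse_rsa_public_key(der)
    if n.bit_length() > MAX_MODULUS_BITS:
        return "reject: modulus over 16384 bits"
    if n.bit_length() > SMALL_MODULUS_BITS and e.bit_length() > MAX_PUBEXP_BITS:
        return "reject: exponent over 64 bits with modulus over 3072 bits"
    return "ok"

def _der(tag, value):
    """Encode one DER element (helper for the constructed samples)."""
    n = len(value)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + value

def encode_rsa_public_key(n, e):
    """Constructed sample input: n and e are arbitrary integers, not real keys."""
    ints = (x.to_bytes(x.bit_length() // 8 + 1, "big") for x in (n, e))
    return _der(0x30, b"".join(_der(0x02, i) for i in ints))
```

A 65-bit exponent passes with a 2048-bit modulus but is rejected with a 4096-bit one, which is the interoperability case the quoted message points at.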
