>From other discussions on this list over the last few weeks it sounds like
the modulus read from the smartcard can be byte reversed. If the 1024-bit
modulus is 0x87......43 but your smartcard is giving it to you byte reversed
then you could be trying to use the modulus 0x43.....87 which would is
1023-bits.
Steven
--
Steven Reddie <[EMAIL PROTECTED]>
Senior Software Engineer
Computer Associates Pty Ltd (Australia)
> -----Original Message-----
> From: Kenneth R. Robinette [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, March 24, 2001 1:12 AM
> To: [EMAIL PROTECTED]
> Subject: SmartCard Public Key
>
> I am trying to import the public RSA key (modulus) created on a
> Smart Card into an OpenSSL/OpenSSH key structure. The size of
> the Smart Card public/private key pair is 1024 bits, and the key pair
> was generated onboard the Smart Card.
>
> I use the following code:
>
> Key *k;
> k = key_new(KEY_RSA);
> if(k)
> {
> k->rsa = RSA_generate_key(1024,RSA_F4,NULL,NULL);
> BN_clear_free(k->rsa->n);
> k->rsa->n = BN_bin2bn(data,len,NULL);
> }
>
> If I check the size of k->rsa->n after the RSA_generate_key, the
> result from BN_num_bytes is 128 and from BN_num_bits is 1024.
>
> If I check the size of k->rsa->n after the BN_bin2bn call the result
> from BN_num_bytes is 128 and from BN_num_bits is 1023.
>
> Thel BN_bin2bn function call passes the public key data/len
> obtained from the Smart Card.
>
> I am using the OpenSSL/OpenSSH key structure to hold the public
> key just to be able to use all the current utilities necessary for the
> public key processing such as saving on the local file system,
> uploading to the host and for agent signing.
>
> What is causing the difference in the BN_num_bits result?
>
> Ken
>
>
>
>
> __________________________________________________
> Support
> InterSoft International, Inc.
> Voice: 888-823-1541, International 281-398-7060
> Fax: 888-823-1542, International 281-560-9170
> [EMAIL PROTECTED]
> http://www.securenetterm.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]