Bob Bradley wrote:
On 4/1/05 1:57 AM, "Nils Larsch" <[EMAIL PROTECTED]> wrote:


The DH public key is the result of the g**k mod p (k is the private key)
operation and hence may have fewer than BN_num_bytes(p) bytes (approx.
every 256th key should have <= 127 bytes).


I didn't realize that. Thanks for the explanation.

Is it safe to BN_clear_free() and NULL out the pub_key and priv_key fields
of the DH structure and call DH_generate_key again until it generates a
128-byte key?

This of course reduces the key space for the private key, but if you really need a fixed-size public key you need to do it.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
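The length effect and the retry loop discussed in this thread, as an added example that is not part of the original messages and not OpenSSL code. It is written in Python rather than against the C API; the RFC 2409 Group 2 parameters and all function names are assumptions chosen for illustration, and `encode_fixed` shows left-padding with zero bytes, an alternative the thread does not mention.

```python
import secrets

# 1024-bit MODP prime of RFC 2409 (Oakley Group 2), generator 2: sample
# parameters chosen for this example, not taken from the thread.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def num_bytes(x):
    """Minimal big-endian length of x, like OpenSSL's BN_num_bytes()."""
    return (x.bit_length() + 7) // 8

SIZE = num_bytes(P)  # 128 bytes for this modulus

def generate_key():
    """One DH key pair: private k in [2, p-2], public g**k mod p."""
    k = 2 + secrets.randbelow(P - 3)
    return k, pow(G, k, P)

def generate_fixed_size_key(size=SIZE):
    """Retry loop from the thread: regenerate until pub has `size` bytes."""
    attempts = 0
    while True:
        attempts += 1
        k, pub = generate_key()
        if num_bytes(pub) == size:
            return k, pub, attempts

def encode_fixed(pub, size=SIZE):
    """Alternative (assumption): left-pad with zero bytes, no regeneration."""
    return pub.to_bytes(size, "big")

def short_key_rate(samples):
    """Fraction of fresh public keys whose minimal length is below SIZE."""
    short = sum(num_bytes(generate_key()[1]) < SIZE for _ in range(samples))
    return short / samples

if __name__ == "__main__":
    print("modulus bytes:", SIZE)
    print("short-key rate over 2000 keys:", short_key_rate(2000))
    k, pub, attempts = generate_fixed_size_key()
    print("retry attempts:", attempts, "public key bytes:", num_bytes(pub))
    print("padded length of pub=2:", len(encode_fixed(2)))
```
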
