> From: owner-openssl-users On Behalf Of Pierce Ward > Sent: Wednesday, 31 October, 2007 09:07
> openssl genrsa -out private_key.pem -f4 768 > openssl pkcs8 -in private_key.pem -nocrypt -topk8 -out PK.pem > cat PK.pem | openssl enc -base64 -d > PK.key You don't need a separate step there; just openssl pkcs8 ... -out PK.key -outform DER Also FWIW -f4 is (now?) the default on genrsa. > This will generate a PK.key file (byte format private key) as > expected. The size of the private key is variable. It can be anywhere > from 487 bytes to 491 bytes in length. > > I was wondering if its possible to specify a length to generate > (rather than keep running the above commands until the size is 487!)? > A few other applications/libraries I have used to generate a private > key (bsafe etc) have a constant 487byte length, and I was just unsure > if this could cause an incompatability when trying to integrate the > two. > The length of the ASN.1 DER encoding of an RSA private key may vary by a few bytes depending on whether the private exponent and the various CRT cofactors happen to fall with the high octet of their binary representation below 0x80 or not. For modsize 768 and pubexpt=F4, the actual key structure will be 461-465 bytes. (With pubexpt=3, another common choice, it will be 2 bytes shorter.) The PKCS8 format adds a header for unencrypted (or two for encrypted). Using the standard OID for rsaEncryption, 1.2.840.113549.1.1.1, this adds 26 bytes, so the DER encoding is 487-491 bytes. DER, which often is inherently variable-length, is the convention for much crypto data, and should be compatible with any reasonable application. You could re-generate parameters until you get one whose expt/factors happen to encode at a given length, here the minimum. Or you could get a fixed length by using BER instead and padding items based on modsize. Generally software that can read DER can read the slightly more flexible BER, unless it was coded to be extremely strict about standards. Such a BER encoding might not be reliably signable, but it's hard to think of a situation where you would need or even want to sign a privatekey. You could get fixed 487 using BER only if you also use a different (shorter) OID for the algorithm aka keytype, which may well be possible as there are so many standards to choose from, and perhaps also pubexpt=3. What does openssl asn1parse -in theirfile -inform der show on the fourth line? And openssl pkcs8 -in theirfile -inform der -nocrypt >their.key.only openssl rsa -in their.key.only -text show for publicExponent? Or how about a hex dump of the first about 50 bytes of theirfile? Aside: you do know that 768-bit RSA is now almost within reach of factoring, and thus not very secure? If this is being used for data of any real value, you should go probably to at least 1024 bits, and many people have already gone further, commonly to 1280, 1536, or 2048. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
