On Wed, Dec 15, 2010 at 12:58 AM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
> On Tue, Dec 14, 2010 at 09:46:11PM -0800, Kannan J wrote:
>
>> I'm copying and pasting the text from the smart card guide. It is too
>> big to attach.
>
> Please use plain-text (non-HTML) email when sending mail to lists.

Agreed.

>> The following convention applies for the P, Q, DP1, DQ1, and PQ parameters:
>> P is the smallest RSA prime
>> Q is the other RSA prime
>> ...
>> PQ = P-1 mod Q
>
> Then "PQ" is not a product, rather the value "P-1" mod Q. So what's the
> issue?
>
>> NOTE: For the key being loaded, Size of (P) must be equal to Size of (Q) and
>> this value must be half
>> the size of modulus. For example: For RSA 2048-bit key, modulus size is 256,
>> and size (P) , Size (Q) are half the modulus size, (I.e.) 128 bytes
>
> Perhaps your primes are not exactly 128-bytes long? They may need to be
> padded with leading zeros.

Microsoft .Net goes the other way in the case of DSA: if there is a leading 00 octet (from an ASN1 encoding) *and* the bigint is 129 bytes (due to the leading 00), .Net will throw an exception. The 0x00 has to be stripped.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
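
Both cases raised in this thread (primes that must be exactly 128 bytes for the card, and a 129-byte value whose leading 00 octet must be stripped) come down to normalizing a big-endian integer to a fixed width. The following is an added example, not code from the thread or from OpenSSL; the function name `normalize_be` and the sample byte values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Normalize a big-endian unsigned integer to exactly out_len bytes.
 * Leading 0x00 octets (for example the ASN.1 INTEGER sign octet) are
 * stripped, then the value is left-padded with 0x00 to the fixed width.
 * Returns 0 on success, -1 if the value needs more than out_len bytes. */
int normalize_be(const unsigned char *in, size_t in_len,
                 unsigned char *out, size_t out_len)
{
    /* Leading zero octets carry no value; skip all of them. */
    while (in_len > 0 && in[0] == 0x00) {
        in++;
        in_len--;
    }
    if (in_len > out_len)
        return -1;                  /* genuinely too large for the field */

    size_t pad = out_len - in_len;
    memset(out, 0x00, pad);         /* left-pad short values with zeros */
    if (in_len > 0)
        memcpy(out + pad, in, in_len);
    return 0;
}

int main(void)
{
    unsigned char out[128];         /* half of a 256-byte (2048-bit) modulus */

    /* Constructed sample: 129 bytes, 0x00 sign octet followed by 0xAB... */
    unsigned char with_sign[129];
    memset(with_sign, 0xAB, sizeof with_sign);
    with_sign[0] = 0x00;
    printf("129 bytes, leading 00: rc=%d first=%02x\n",
           normalize_be(with_sign, sizeof with_sign, out, sizeof out), out[0]);

    /* Constructed sample: a 127-byte value that needs one pad octet. */
    unsigned char small[127];
    memset(small, 0xCD, sizeof small);
    printf("127 bytes: rc=%d first=%02x second=%02x\n",
           normalize_be(small, sizeof small, out, sizeof out), out[0], out[1]);

    /* Constructed sample: 129 significant bytes cannot fit in 128. */
    with_sign[0] = 0x01;
    printf("129 significant bytes: rc=%d\n",
           normalize_be(with_sign, sizeof with_sign, out, sizeof out));
    return 0;
}
```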