On 21/06/2012 18:18, Sukalp Bhople wrote:
Thank you very much for the helpful response,
I searched for the terms you used in your reply and I found them in
one of the functions.
This function is
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
You'll also find it in its "decrypt" counterpart.
I was wondering if there is any check on e while verifying
certificate chains? (For instance, client certificate verification at
server side)
Why would you want a specific check on e? The check is done on the
entire signature, with the entire key. Why e?
For example, if the certificate presented by the client has a very large
public exponent, then what happens?
How is this e stored? There should be some limit (data type BIGNUM) on it?
Is this right?
In a certificate, the element named subjectPublicKeyInfo is a SEQUENCE
composed of 2 items, an algorithm identifier (also a SEQUENCE containing
an OID and some parameters) and the subjectPublicKey. The latter is
enclosed in a BITSTRING, and if it's an RSA key, it really contains a
PKCS#1 encoded public key: a SEQUENCE containing 2 INTEGERS, modulus and
public exponent.
You can have any sized INTEGERS in here, and OpenSSL will parse them
correctly.
If the certificate has a very large public exponent, and a verification
is performed, and the described limits are not overridden, there's no
problem to expect. If you comment the limits in your own compiled
library, there will still be no problem.
You can get into a situation where a public RSA operation takes more
time than a private one, if e is sufficiently large. But that's all.
On Thu, Jun 21, 2012 at 5:14 PM, Erwann Abalea
<erwann.aba...@keynectis.com> wrote:
The only limit check that I know is performed is if the modulus is
strictly larger than OPENSSL_RSA_SMALL_MODULUS_BITS bits (3072 by
default), then the public exponent must be less than or equal to
OPENSSL_RSA_MAX_PUBEXP_BITS bits (64 by default).
You can then have a 3072-bit RSA key with a public exponent of any
size. Or a 3073-bit RSA key with a public exponent limited to 64 bits.
Other than for performance, I don't see any reason to limit the
size of the public exponent.
On 21/06/2012 16:41, Sukalp Bhople wrote:
Hello guys,
I was looking into the (RSA) certificate verification in
OpenSSL. I was wondering if OpenSSL checks the size of the
public exponent.
Or what is the max public exponent accepted by server?
--
Erwann ABALEA
-----
ovopostegallinadoxy: the doctrine which holds that the hen appeared before
the egg
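The two technical points of the thread, the layout of subjectPublicKeyInfo and the only exponent-size check Erwann describes, are easy to see side by side in a small parser. The following is an added example, not code from the thread or from OpenSSL: it encodes a constructed RSA SubjectPublicKeyInfo in DER, parses it back with a minimal DER reader, and applies the rule "modulus strictly larger than OPENSSL_RSA_SMALL_MODULUS_BITS (3072) requires e of at most OPENSSL_RSA_MAX_PUBEXP_BITS (64) bits". The moduli used as input are placeholder integers of a chosen bit length, not real RSA keys; the constant values are those quoted in the thread.

```python
"""Added example (not from the thread or OpenSSL): DER SubjectPublicKeyInfo
round-trip plus the public-exponent size rule described in the thread."""

# Default values as quoted in the thread (OpenSSL's rsa.h macros).
OPENSSL_RSA_SMALL_MODULUS_BITS = 3072
OPENSSL_RSA_MAX_PUBEXP_BITS = 64
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def der_len(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_int(x):
    """DER INTEGER; a leading 0x00 keeps a high-bit value positive."""
    b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return der_tlv(0x02, b)


def encode_spki(n, e):
    """Constructed SubjectPublicKeyInfo: SEQUENCE { AlgorithmIdentifier, BIT STRING }.
    The BIT STRING wraps PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    alg = der_tlv(0x30, der_tlv(0x06, RSA_OID) + b"\x05\x00")  # OID + NULL parameters
    pkcs1 = der_tlv(0x30, der_int(n) + der_int(e))
    bitstr = der_tlv(0x03, b"\x00" + pkcs1)                     # 0 unused bits
    return der_tlv(0x30, alg + bitstr)


def _read_tlv(buf, pos, expect_tag):
    """Read one TLV at buf[pos]; return (body, position after it)."""
    tag = buf[pos]
    if tag != expect_tag:
        raise ValueError(f"expected tag {expect_tag:#x} at offset {pos}, got {tag:#x}")
    pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:  # long form: next (length & 0x7f) bytes hold the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    body = buf[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated DER")
    return body, pos + length


def decode_spki(der):
    """Return (modulus, public exponent) from an RSA SubjectPublicKeyInfo.
    Integers of any size are accepted, as the thread says OpenSSL does."""
    spki, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after SubjectPublicKeyInfo")
    alg, pos = _read_tlv(spki, 0, 0x30)
    oid, _ = _read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    bitstr, _ = _read_tlv(spki, pos, 0x03)
    if bitstr[0] != 0:
        raise ValueError("unexpected unused-bits count in BIT STRING")
    pkcs1, _ = _read_tlv(bitstr, 1, 0x30)
    n_bytes, pos = _read_tlv(pkcs1, 0, 0x02)
    e_bytes, _ = _read_tlv(pkcs1, pos, 0x02)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def public_exponent_allowed(n, e):
    """The single size rule from the thread: only a modulus strictly larger than
    3072 bits constrains e, and then e must fit in 64 bits."""
    if n.bit_length() > OPENSSL_RSA_SMALL_MODULUS_BITS:
        return e.bit_length() <= OPENSSL_RSA_MAX_PUBEXP_BITS
    return True


def check_spki(der):
    """Parse a SubjectPublicKeyInfo and report whether its exponent passes the rule."""
    n, e = decode_spki(der)
    return public_exponent_allowed(n, e)


if __name__ == "__main__":
    # Constructed placeholder moduli (not real keys) of 3072 and 3073 bits.
    small_n = (1 << 3071) | 1
    big_n = (1 << 3072) | 1
    print("3072-bit n, 101-bit e:", check_spki(encode_spki(small_n, 1 << 100)))
    print("3073-bit n, e=65537 :", check_spki(encode_spki(big_n, 65537)))
    print("3073-bit n, 65-bit e :", check_spki(encode_spki(big_n, 1 << 64)))
```

The last line of the demo is the case Erwann describes: a 3073-bit modulus with a 65-bit exponent fails the rule, while the same exponent on a 3072-bit modulus is accepted because the rule only applies strictly above the threshold.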