On 19/06/2024 09:15, Lokesh Chakka wrote:
hello,
I'm trying to generate public/private keys with following commands:
openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
openssl ec -in pvtkey.pem -pubout
I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes.
In a wireshark capture( attached ), I'm seeing key length as 65 bytes.
What you are doing is confusing. You have generated public/private key
pair for secp256r1 - but the wireshark capture you show seems to be the
key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
- you'll get a different key share every time. You don't need to create
a public/private key for this. OpenSSL does it for you.
Anyway. Taking the key that you generated:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
This is just a PEM encoding of the real key (base 64 encoding of DER
structured data in PEM headers). Not sure where you get 124 bytes from,
but you can look take a look at the actual key data like this:
$ openssl pkey -in /tmp/key.pem -pubin -noout -text
Public-Key: (256 bit)
pub:
04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
3e:4f:48:5d:b5
ASN1 OID: prime256v1
NIST CURVE: P-256
This shows you the 65 bytes of raw public key data contained within the
key file.
This key is in "uncompressed" format (the 04 byte at the start indicates
this). Since it is uncompressed we then get an x and a y value to
indicate the point on the curve. Each of these are 32 bytes long (256
bits) - so this gives you 65 bytes in total.
Matt
Can someone help me understand why the difference?
Thanks & Regards
--
Lokesh Chakka.
