Thanks Wim, for your kind informative answer.
Wim Lewis-3 wrote:
On 26 Jul 2011, at 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll
be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
The two things that are variable size are the key material itself, and the
many fields that can occur in a certificate. A private key file just has
key material, so its size should be proportional to the key size in bits
(plus constant overhead); a certificate has key material for the key it
represents, a signature from the issuer's key (which may have a size
dependent on that key's size), and an arbitrary collection of other data
that can be incorporated into the certificate when it's created (such as
the name or address of the subject, or a list of permitted/forbidden uses,
CRL distribution points, legal boilerplate, etc). I don't think there's
any limit to the amount of extension data that can be included in a
certificate, though in practice it's rarely more than a few kilobytes.
I'd suggest parsing a handful of files using openssl asn1parse to get an
idea of what's in there and how large each thing is. The sizes and offsets
that asn1parse gives you refer to the DER-encoded file; a PEM-encoded file
has four bytes for every three of DER, plus another few percent overhead
for line endings.
As Kenneth Goldman says, though, you need to consider what will happen
when you encounter a certificate larger than you expect, because it *will*
happen.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
View this message in context:
http://old.nabble.com/Simple-question%3A-Maximum-length-of-PEM-file--tp32139325p32155520.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org