Re: [openssl-users] Modulus field in text display of a certificate
> > Modulus: > > 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f: The leading zero is so that you don't confuse it with a sign bit. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Modulus field in text display of a certificate
On 04/04/2015 07:18, Jakob Bohm wrote: On 04/04/2015 04:07, Mabry Tyson wrote: I happened to notice what seems to be an output glitch in the textual output of a certificate. I received a copy of the QuoVadis Root CA 2 certificate as a file. When I examined the certificate via openssl x509 -text -in /tmp/QV.cer(using OpenSSL 1.0.1 14 Mar 2012 as installed in Ubuntu 14.04) I noticed an extra first zero byte of the Modulus was shown, as compared to the display of that certificate in Firefox. Certificate: Data: Version: 3 (0x2) Serial Number: 1289 (0x509) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 ... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f: ... 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8: eb:1d:5b I believe there should be 4096/8 = 512 bytes in that modulus. There are 15 bytes shown per line. 512/15 = 34 with a remainder of 2. This output shows 513 bytes (34 lines plus a remainder of 3). This is a consequence of the ASN.1 DER/BER encoding rules: All INTEGER fields are signed, so when the most significant bit of a 2048 bit value is set, then it needs to be encoded and processed with an extra leading 0 byte. (And ditto for a 4096 bit value of cause) OpenSSL displays that leading 0 byte, while NSS (used by Firefox) apparently hides it. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Modulus field in text display of a certificate
On 04/04/2015 04:07, Mabry Tyson wrote: I happened to notice what seems to be an output glitch in the textual output of a certificate. I received a copy of the QuoVadis Root CA 2 certificate as a file. When I examined the certificate via openssl x509 -text -in /tmp/QV.cer(using OpenSSL 1.0.1 14 Mar 2012 as installed in Ubuntu 14.04) I noticed an extra first zero byte of the Modulus was shown, as compared to the display of that certificate in Firefox. Certificate: Data: Version: 3 (0x2) Serial Number: 1289 (0x509) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 ... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f: ... 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8: eb:1d:5b I believe there should be 4096/8 = 512 bytes in that modulus. There are 15 bytes shown per line. 512/15 = 34 with a remainder of 2. This output shows 513 bytes (34 lines plus a remainder of 3). This is a consequence of the ASN.1 DER/BER encoding rules: All INTEGER fields are signed, so when the most significant bit of a 2048 bit value is set, then it needs to be encoded and processed with an extra leading 0 byte. OpenSSL displays that leading 0 byte, while NSS (used by Firefox) apparently hides it. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Modulus field in text display of a certificate
I happened to notice what seems to be an output glitch in the textual output of a certificate. I received a copy of the QuoVadis Root CA 2 certificate as a file. When I examined the certificate via openssl x509 -text -in /tmp/QV.cer(using OpenSSL 1.0.1 14 Mar 2012 as installed in Ubuntu 14.04) I noticed an extra first zero byte of the Modulus was shown, as compared to the display of that certificate in Firefox. Certificate: Data: Version: 3 (0x2) Serial Number: 1289 (0x509) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 ... Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f: ... 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8: eb:1d:5b I believe there should be 4096/8 = 512 bytes in that modulus. There are 15 bytes shown per line. 512/15 = 34 with a remainder of 2. This output shows 513 bytes (34 lines plus a remainder of 3). ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
