Re: When P is larger than Q

2014-03-25 Thread Dave Thompson
-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrew Arnott Sent: Saturday, March 22, 2014 14:56 To: openssl-users@openssl.org Subject: *** Spam *** Re: When P is larger than Q Thanks Dave. Where do you get the cert file to use as input? snip From: Dave Thompson

Re: When P is larger than Q

2014-03-25 Thread andrewarnott
To: openssl-users@openssl.org Subject: *** Spam *** Re: When P is larger than Q Thanks Dave. Where do you get the cert file to use as input? snip From: Dave Thompson Sent: Friday, March 21, 2014 3:37 PM To: openssl-users@openssl.org snip I don’t think this violates any standard and it works

Re: When P is larger than Q

2014-03-22 Thread Dave Thompson
*** Re: When P is larger than Q I’d like to try the PKCS12 idea. Can you tell me how you put this private key in a PKCS12 cert so I can see if I can adapt that to get this working in my .NET app? I tried generating dozens of 512 bit keys in a row on iOS. Every time, the P was longer than

Re: When P is larger than Q

2014-03-22 Thread Andrew Arnott
-us...@openssl.org] *On Behalf Of *andrewarn...@gmail.com *Sent:* Friday, March 21, 2014 21:03 *To:* openssl-users@openssl.org *Subject:* *** Spam *** Re: When P is larger than Q I'd like to try the PKCS12 idea. Can you tell me how you put this private key in a PKCS12 cert so I can see if I

RE: When P is larger than Q

2014-03-21 Thread Dave Thompson
To be clear: it is conventional to generate P with a larger *value* than Q, AIR so that CRT qinv-modp works right. There are several ways to do this; openssl just generates two suitable primes and chooses the larger one as P. Your issue is that P has *more significant bits*, 257 instead of

Re: When P is larger than Q

2014-03-21 Thread Dr. Stephen Henson
On Fri, Mar 21, 2014, Dave Thompson wrote: To be clear: it is conventional to generate P with a larger *value* than Q, AIR so that CRT qinv-modp works right. There are several ways to do this; openssl just generates two suitable primes and chooses the larger one as P. Your issue is

Re: When P is larger than Q

2014-03-21 Thread andrewarnott
Hi Dave, Thanks for your reply. I've attached a simple console app that attempts to import the key data into a .NET RSACryptoServiceProvider. Internally this class just sends it straight onto the Windows OS crypto library, which includes the checks that P and Q must have equal lengths. The

Re: When P is larger than Q

2014-03-21 Thread andrewarnott
Hi Steve, I'm on Windows 8.1 when I see this error. But your comment about older Windows reporting this suggests that perhaps there's a newer API I could use to get the job done? Sent from Surface Pro From: Dr. Stephen Henson Sent: ‎Friday‎, ‎March‎ ‎21‎, ‎2014 ‎4‎:‎30‎ ‎PM To:

Re: When P is larger than Q

2014-03-21 Thread andrewarnott
I’d like to try the PKCS12 idea. Can you tell me how you put this private key in a PKCS12 cert so I can see if I can adapt that to get this working in my .NET app? I tried generating dozens of 512 bit keys in a row on iOS. Every time, the P was longer than the Q. It seems that iOS may be