[openssl-users] What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

M K Saravanan mksarav at gmail.com
Fri Nov 30 05:26:21 UTC 2018


Hi,

When I create static DH key pair using openssl, why the public key and
prime contains the prefix 0x00 byte?

For e.g. in 1024 bit key, 128 bytes is enough.

private key properly shows 128 bytes.  But public key and prime shows
129 bytes with a 0x00 byte at the beginning.  What is the need for
this 0x00 byte at the beginning?  i.e. why it is using 129 bytes
instead of 128?


$ openssl version
OpenSSL 1.1.1  11 Sep 2018

$ openssl dhparam -out mydhp.pem 1024
[...]

$ openssl genpkey -paramfile ./mydhp.pem -out mydhkey.pem

$ openssl pkey -in ./mydhkey.pem -text -noout
DH Private-Key: (1024 bit)
    private-key:
        52:61:87:52:b4:27:5f:c3:cf:ab:2f:20:b4:aa:b7:
        df:c3:87:63:50:d2:06:dd:65:8f:db:55:2e:08:d5:
        62:44:1a:f5:d8:73:66:fe:a7:c4:43:be:f7:f0:d0:
        ba:4c:bf:f0:70:70:c9:25:92:da:ef:69:01:1a:b9:
        d9:d9:1f:b9:22:a6:84:48:d8:58:a8:a4:9e:7f:85:
        6b:9e:45:89:07:0c:fb:00:f1:0a:fb:24:10:e4:bb:
        2b:1c:7d:dc:d1:12:a3:21:5a:9b:8e:bf:9d:33:e8:
        65:fe:c2:5c:ea:47:fa:00:04:80:cf:85:e1:c6:71:
        67:4b:7b:71:92:07:59:48
    public-key:
        00:a0:0d:41:8a:27:55:07:2a:01:dd:a7:e2:86:bb:
        69:71:86:1d:62:0c:f3:b7:61:78:81:37:6c:a1:d3:
        e8:55:9d:8a:1f:e8:5e:7f:18:00:0f:4e:1d:97:70:
        a0:e7:19:2b:82:69:c3:aa:61:ea:b8:9c:10:36:19:
        e9:b9:13:db:9a:ef:34:bf:10:f7:93:84:5d:a3:b4:
        58:3a:40:ec:4b:79:06:52:b8:fe:b8:22:0d:f3:f9:
        33:1e:8e:43:69:bb:77:3d:10:78:c6:65:e8:04:08:
        96:1e:cc:6c:92:e4:55:f4:2c:d0:3d:b7:5f:58:70:
        cf:fe:a7:5f:23:e3:d9:5e:c4
    prime:
        00:a2:f4:9d:1c:3f:75:8f:3e:e3:c9:95:09:79:09:
        16:f2:f0:61:c4:e1:b9:23:22:a3:58:d7:38:7d:06:
        af:57:ad:14:5e:13:bd:71:ed:31:89:cb:65:d6:46:
        3b:29:57:ad:a9:8e:58:e6:df:c0:37:2f:4f:be:45:
        d7:c8:f1:87:ef:af:65:87:34:4a:7d:78:b8:0b:0b:
        33:d8:c1:fb:05:9e:ce:9a:27:7e:4a:2a:aa:18:33:
        35:ea:d0:b0:b7:fa:cb:d1:51:bf:11:98:12:24:be:
        1d:1c:87:c3:37:ed:0f:b9:53:23:fc:a1:be:75:ed:
        81:04:e5:6a:b3:83:40:e0:43
    generator: 2 (0x2)


with regards,
Saravanan


More information about the openssl-users mailing list