[openssl-dev] Reminder: OpenSSL's EC private key encoding is broken

Douglas E Engert deengert at gmail.com
Tue Mar 24 18:42:48 UTC 2015



On 3/24/2015 6:10 AM, Annie Yousar wrote:
> Dear all,
> this should not have happened:

The private key may have leading zero bytes, and the size of the BIGNUM is used
for the length of the octet string rather than the field_len.
The length of the BIGNUM does not include any leading zeros.

Try the attached diff.


>
> $ for i in  `seq 1 1000` ; do if [ "x`openssl ecparam -genkey -name
> prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != " x" ];
> then echo; cat key.pem;else echo -n "."; fi; done
> ....................................................................................
> -----BEGIN EC PRIVATE KEY-----
> MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
> AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
> fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
> -----END EC PRIVATE KEY-----
> ............................................................................
> ...
>
> Conforming to the standards the EC private key has always a fixed length,
> defined by the group order.
>
> Regards,
> Ann.

-- 

  Douglas E. Engert  <DEEngert at gmail.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecasn1.diff
Type: text/x-patch
Size: 1545 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150324/363f4d9d/attachment-0001.bin>
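The following is an added, stand-alone check of the encoding problem discussed above; it is not code from OpenSSL, from the attached diff, or from either poster. It parses the ECPrivateKey structure (RFC 5915: SEQUENCE of version, privateKey OCTET STRING, optional [0] parameters and [1] publicKey) of the key Annie's loop printed, compares the privateKey length against the fixed length the curve order requires (32 bytes for prime256v1), and shows the difference between a fixed-length, left-zero-padded encoding and one that takes the BIGNUM's own byte length. The OID-to-length table entries other than prime256v1 are assumptions added for generality; the sample key is the one quoted in the mail.

```python
import base64
import re

# Required privateKey OCTET STRING length per curve: ceil(bits(order) / 8).
# prime256v1's OID is the one in the sample key; the other entries are
# assumptions added so the check covers more than one curve.
CURVE_KEY_LEN = {
    "1.2.840.10045.3.1.7": 32,  # prime256v1 / secp256r1
    "1.3.132.0.34": 48,         # secp384r1
    "1.3.132.0.35": 66,         # secp521r1 (521-bit order -> 66 bytes)
}

# Sample input: the short key quoted in Annie's mail (privateKey is 31 bytes).
SAMPLE_PEM = """-----BEGIN EC PRIVATE KEY-----
MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
-----END EC PRIVATE KEY-----
"""


def pem_to_der(pem):
    """Strip the PEM armour lines and base64-decode the body."""
    body = re.sub(r"-----[A-Z ]+-----", "", pem)
    return base64.b64decode("".join(body.split()))


def read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos).
    Handles short-form and multi-byte long-form lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Decode DER OID contents (base-128 arcs) to dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_ec_private_key(der):
    """Parse RFC 5915 ECPrivateKey and return (privateKey_bytes, curve_oid)."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, version, pos = read_tlv(seq, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("ECPrivateKey version must be 1")
    tag, d_bytes, pos = read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("expected privateKey OCTET STRING")
    curve_oid = None
    while pos < len(seq):  # optional [0] parameters and [1] publicKey
        tag, inner, pos = read_tlv(seq, pos)
        if tag == 0xA0:  # [0] parameters: namedCurve OID
            oid_tag, oid_raw, _ = read_tlv(inner, 0)
            if oid_tag == 0x06:
                curve_oid = decode_oid(oid_raw)
    return d_bytes, curve_oid


def check_private_key_length(der):
    """Return (actual_len, expected_len); a mismatch means leading zero bytes
    of the scalar were dropped by the encoder."""
    d_bytes, curve_oid = parse_ec_private_key(der)
    return len(d_bytes), CURVE_KEY_LEN.get(curve_oid)


def encode_scalar_fixed(d, field_len):
    """Correct SEC1 encoding: always field_len bytes, zero-padded on the left."""
    return d.to_bytes(field_len, "big")


def encode_scalar_bn_style(d):
    """Encoding sized by the integer's own byte length: leading zeros vanish."""
    return d.to_bytes(max(1, (d.bit_length() + 7) // 8), "big")


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    actual, expected = check_private_key_length(der)
    print(f"privateKey octets: {actual}, required for curve: {expected}")
    d_bytes, _ = parse_ec_private_key(der)
    d = int.from_bytes(d_bytes, "big")
    print("fixed-length encoding:", encode_scalar_fixed(d, expected).hex())
    print("BIGNUM-length encoding:", encode_scalar_bn_style(d).hex())
```

Run against the sample key the check reports 31 actual versus 32 required, and the fixed-length encoder yields the same scalar with a single 0x00 prepended; the same mismatch test can be run over a batch of generated keys in place of the `ls -l | sed` size filter from the mail.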

