[openssl-users] Modulus field in text display of a certificate
Jakob Bohm
jb-openssl at wisemo.com
Sat Apr 4 05:28:06 UTC 2015
On 04/04/2015 07:18, Jakob Bohm wrote:
> On 04/04/2015 04:07, Mabry Tyson wrote:
>> I happened to notice what seems to be an output glitch in the textual
>> output of a certificate.
>>
>> I received a copy of the QuoVadis Root CA 2 certificate as a file.
>> When I examined the certificate via
>> openssl x509 -text -in /tmp/QV.cer (using OpenSSL 1.0.1 14 Mar
>> 2012 as installed in Ubuntu 14.04)
>> I noticed an extra first zero byte of the Modulus was shown, as
>> compared to the display of that certificate in Firefox.
>>
>>> Certificate:
>>> Data:
>>> Version: 3 (0x2)
>>> Serial Number: 1289 (0x509)
>>> Signature Algorithm: sha1WithRSAEncryption
>>> Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
>>> ...
>>> Subject Public Key Info:
>>> Public Key Algorithm: rsaEncryption
>>> Public-Key: (4096 bit)
>>> Modulus:
>>> 00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f:
>>> ...
>>> 09:62:04:92:16:10:d8:9e:27:47:fb:3b:21:e3:f8:
>>> eb:1d:5b
>> I believe there should be 4096/8 = 512 bytes in that modulus. There
>> are 15 bytes shown per line. 512/15 = 34 with a remainder of 2.
>> This output shows 513 bytes (34 lines plus a remainder of 3).
>>
>>
> This is a consequence of the ASN.1 DER/BER encoding rules:
> All INTEGER fields are signed, so when the most significant
> bit of a 2048 bit value is set, then it needs to be encoded
> and processed with an extra leading 0 byte.
(And ditto for a 4096 bit value of cause)
>
> OpenSSL displays that leading 0 byte, while NSS (used by
> Firefox) apparently hides it.
>
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list