[openssl-users] Fwd to openssl-users, Re: [openssl-dev] Reminder: OpenSSL's EC private key encoding is broken

Erwann Abalea erwann.abalea at opentrust.com
Tue Mar 24 12:06:06 UTC 2015


The private key is a random integer in [1, p-1], not in [2^(log2(p)-1), 
(2^log2(p))-1].
In DER, an INTEGER is always expressed using the smallest possible 
number of octets. "001a" is an integer equal to "00000000001a", but it 
will be represented as "1a".

-- 
Erwann ABALEA

Le 24/03/2015 12:10, Annie Yousar a écrit :
> Dear all,
> this should not have happened:
>
> $ for i in  `seq 1 1000` ; do if [ "x`openssl ecparam -genkey -name
> prime256v1 -noout > key.pem; ls -l key.pem | sed '/ 227 /d'`" != " x" ];
> then echo; cat key.pem;else echo -n "."; fi; done
> ....................................................................................
> -----BEGIN EC PRIVATE KEY-----
> MHYCAQEEH9gjg1X/Gn9X/2VTustsXS/OuWV9LU4ivfp5oewxbACgCgYIKoZIzj0D
> AQehRANCAARlO6sLkCzJl7khaT8Nj6z3WpcDnMALQ4nI8Toc4/oYHtgUopeSMEj8
> fgHw9Ym3/2GgClzweJXYLuTYRB7oR/MY
> -----END EC PRIVATE KEY-----
> ............................................................................
> ...
>
> Conforming to the standards the EC private key has always a fixed length,
> defined by the group order.
>
> Regards,
> Ann.
>
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev



More information about the openssl-users mailing list