[openssl-users] ECC private key length

[Billy Brumley]

It's because of the form of the group order for the curves you list.
They look roughly like 2**n + 2**(n/2). So while technically possible
to end up with 161 bits, with overwhelming probability you end up with
less.

BBB

On Wed, Apr 6, 2016 at 9:22 PM, Frode Nilsen <frode at bitwise.no> wrote:
> Hi,
>
> When printing the contents of a PEM ECC keypair file for the secp160k1/r1/r2 curves, OpenSSL says the private key is 161 bits:
>
>         $ openssl ecparam -name secp160k1 -genkey -out test.pem
>         $ openssl ec -in test.pem -text -noout
>         read EC key
>         Private-Key: (161 bit)
>         priv:
>             77:76:fb:ae:7a:0b:97:98:aa:c0:70:7d:af:28:14:
>             6d:4f:03:d9:b5
>         pub:
>             04:9b:98:38:4a:d0:e4:22:a2:3f:80:ce:02:90:02:
>             d3:35:51:dc:8f:7b:5e:30:7d:2d:5e:98:6f:4b:9b:
>             4b:c8:01:1c:2d:ce:39:37:04:c5:61
>         ASN1 OID: secp160k1
>
> However, following "priv:", there are only 20 bytes (160 bits). Why is this?
>
> When printing the keypair for other curves, the number of bytes after "priv:" seem to always be the same or higher than the number of bits shown after "Private-Key:".
>
> Thanks in advance,
> Frode
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users