[openssl-users] Certificate for RSA 2048 key says 2058

Ken Goldman kgoldman at us.ibm.com
Thu Dec 14 18:11:21 UTC 2017


I generate a key and self signed certificate like this:

 > openssl genrsa -out cakey.pem -aes256 -passout pass:rrrr 2048
 > openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650

When I dump the certificate, I see
	....
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2058 bit)
                 Modulus:
                     02:b1:4c:dd:59:4d:72:8d:93:4b:e5:07:89:53:f7:
	....

Why 2058 - 10 extra bits?  I know that, at times, ASN.1 DER needs an 
extra byte to make a number positive, but 10 bits?



More information about the openssl-users mailing list