[openssl-users] Certificate for RSA 2048 key says 2058

Ken Goldman kgoldman at us.ibm.com
Thu Dec 14 18:11:21 UTC 2017

I generate a key and self signed certificate like this:

 > openssl genrsa -out cakey.pem -aes256 -passout pass:rrrr 2048
 > openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650

When I dump the certificate, I see
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2058 bit)

Why 2058 - 10 extra bits?  I know that, at times, ASN.1 DER needs an 
extra byte to make a number positive, but 10 bits?

More information about the openssl-users mailing list