[openssl-users] Certificate for RSA 2048 key says 2058
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Dec 14 18:34:41 UTC 2017
> On Dec 14, 2017, at 1:11 PM, Ken Goldman <kgoldman at us.ibm.com> wrote:
>
> I generate a key and self signed certificate like this:
>
> > openssl genrsa -out cakey.pem -aes256 -passout pass:rrrr 2048
> > openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
>
> When I dump the certificate, I see
> ....
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2058 bit)
> Modulus:
> 02:b1:4c:dd:59:4d:72:8d:93:4b:e5:07:89:53:f7:
> ....
>
> Why 2058 - 10 extra bits? I know that, at times, ASN.1 DER needs an extra byte to make a number positive, but 10 bits?
What version of OpenSSL is this? When I try this with OpenSSL 1.1.0 I get:
$ openssl version
OpenSSL 1.1.0h-dev xx XXX xxxx
$ for i in $(seq 20); do openssl req -nodes -new -x509 -newkey rsa:2048 -keyout cakey.pem -out cacert.pem -days 3650 -subj "/CN=Root CA" 2>/dev/null; openssl x509 -text -in cacert.pem | grep 'Public-Key:'; done
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Public-Key: (2048 bit)
Same results with master from git.
--
Viktor.
More information about the openssl-users
mailing list