secp256r1 65 byte key size in packet capture

Lokesh Chakka lvenkatakumarchakka at gmail.com
Wed Jun 19 09:28:49 UTC 2024 

hi,

please check the following :

==========================================================================================
$ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
using curve name prime256v1 instead of secp256r1
$ cat pvtkey.pem
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49
AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8
UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END EC PRIVATE KEY-----
$ openssl ec -in pvtkey.pem -pubout
read EC key
writing EC key
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
-----END PUBLIC KEY-----
==========================================================================================

sizeof private key is 164 bytes and the public key is 124 bytes.


Thanks & Regards
--
Lokesh Chakka.


On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz <tomas at openssl.org> wrote:

> Hi Lokesh,
>
> I am not sure how do you count the sizes of 164 bytes and 124 bytes for
> the pem files.
>
> If I use -outform DER (and use -noout with the ecparam to avoid
> outputting the params because the private key already contains info
> about the params used) I see the following sizes for the DER encoded
> data:
>
> private key: 121 bytes
> public key: 91 bytes
>
> Given both files contain information about the group used and other
> ASN.1 encoding related stuff, and that the private key file contains 32
> bytes of the private key but also the encoded uncompressed public key
> of 65 bytes, this is fully expected.
>
> Tomas Mraz, OpenSSL
>
> On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote:
> > hello,
> >
> > I'm trying to generate public/private keys with following commands:
> >
> > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > openssl ec -in pvtkey.pem -pubout
> >
> > I'm seeing the sizeof private key as 164 bytes and public key as 124
> > bytes.
> >
> > In a wireshark capture( attached ), I'm seeing key length as 65
> > bytes.
> >
> > Can someone help me understand why the difference?
> >
> > Thanks & Regards
> > --
> > Lokesh Chakka.
>
> --
> Tomáš Mráz, OpenSSL
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240619/5fd23c34/attachment.htm>

More information about the openssl-users mailing list