secp256r1 65 byte key size in packet capture

Tomas Mraz tomas at openssl.org
Wed Jun 19 09:33:44 UTC 2024


You need to do base64 decoding to find out the real size of the ASN.1
encoded data.

Tomas Mraz, OpenSSL

On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote:
> hi,
> 
> please check the following :
> 
> =====================================================================
> =====================
> $ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> using curve name prime256v1 instead of secp256r1
> $ cat pvtkey.pem 
> -----BEGIN EC PARAMETERS-----
> BggqhkjOPQMBBw==
> -----END EC PARAMETERS-----
> -----BEGIN EC PRIVATE KEY-----
> MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49
> AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8
> UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> -----END EC PRIVATE KEY-----
> $ openssl ec -in pvtkey.pem -pubout
> read EC key
> writing EC key
> -----BEGIN PUBLIC KEY-----
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> -----END PUBLIC KEY-----
> =====================================================================
> =====================
> 
> sizeof private key is 164 bytes and the public key is 124 bytes.
> 
> 
> Thanks & Regards
> --
> Lokesh Chakka.
> 
> 
> On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz <tomas at openssl.org> wrote:
> > Hi Lokesh,
> > 
> > I am not sure how do you count the sizes of 164 bytes and 124 bytes
> > for
> > the pem files.
> > 
> > If I use -outform DER (and use -noout with the ecparam to avoid
> > outputting the params because the private key already contains info
> > about the params used) I see the following sizes for the DER
> > encoded
> > data:
> > 
> > private key: 121 bytes
> > public key: 91 bytes
> > 
> > Given both files contain information about the group used and other
> > ASN.1 encoding related stuff, and that the private key file
> > contains 32
> > bytes of the private key but also the encoded uncompressed public
> > key
> > of 65 bytes, this is fully expected.
> > 
> > Tomas Mraz, OpenSSL
> > 
> > On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote:
> > > hello,
> > > 
> > > I'm trying to generate public/private keys with following
> > > commands:
> > > 
> > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > > openssl ec -in pvtkey.pem -pubout
> > > 
> > > I'm seeing the sizeof private key as 164 bytes and public key as
> > > 124
> > > bytes.
> > > 
> > > In a wireshark capture( attached ), I'm seeing key length as 65
> > > bytes.
> > > 
> > > Can someone help me understand why the difference?
> > > 
> > > Thanks & Regards
> > > --
> > > Lokesh Chakka.
> > 

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list