secp256r1 65 byte key size in packet capture

Lokesh Chakka lvenkatakumarchakka at gmail.com
Wed Jun 19 10:25:52 UTC 2024


Understood. Thanks alot.
But I'm still Not able to understand why it is 65 bytes in the key value.


Thanks & Regards
--
Lokesh Chakka.


On Wed, Jun 19, 2024 at 3:03 PM Tomas Mraz <tomas at openssl.org> wrote:

> You need to do base64 decoding to find out the real size of the ASN.1
> encoded data.
>
> Tomas Mraz, OpenSSL
>
> On Wed, 2024-06-19 at 14:58 +0530, Lokesh Chakka wrote:
> > hi,
> >
> > please check the following :
> >
> > =====================================================================
> > =====================
> > $ openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > using curve name prime256v1 instead of secp256r1
> > $ cat pvtkey.pem
> > -----BEGIN EC PARAMETERS-----
> > BggqhkjOPQMBBw==
> > -----END EC PARAMETERS-----
> > -----BEGIN EC PRIVATE KEY-----
> > MHcCAQEEIAXXAWUj/cUQT8pDLKp5r269mw58aTzr/hYAEXQZVQqUoAoGCCqGSM49
> > AwEHoUQDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHPGgaKvSt/xdAgvDp7FXKTpST8
> > UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END EC PRIVATE KEY-----
> > $ openssl ec -in pvtkey.pem -pubout
> > read EC key
> > writing EC key
> > -----BEGIN PUBLIC KEY-----
> > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END PUBLIC KEY-----
> > =====================================================================
> > =====================
> >
> > sizeof private key is 164 bytes and the public key is 124 bytes.
> >
> >
> > Thanks & Regards
> > --
> > Lokesh Chakka.
> >
> >
> > On Wed, Jun 19, 2024 at 2:28 PM Tomas Mraz <tomas at openssl.org> wrote:
> > > Hi Lokesh,
> > >
> > > I am not sure how do you count the sizes of 164 bytes and 124 bytes
> > > for
> > > the pem files.
> > >
> > > If I use -outform DER (and use -noout with the ecparam to avoid
> > > outputting the params because the private key already contains info
> > > about the params used) I see the following sizes for the DER
> > > encoded
> > > data:
> > >
> > > private key: 121 bytes
> > > public key: 91 bytes
> > >
> > > Given both files contain information about the group used and other
> > > ASN.1 encoding related stuff, and that the private key file
> > > contains 32
> > > bytes of the private key but also the encoded uncompressed public
> > > key
> > > of 65 bytes, this is fully expected.
> > >
> > > Tomas Mraz, OpenSSL
> > >
> > > On Wed, 2024-06-19 at 13:45 +0530, Lokesh Chakka wrote:
> > > > hello,
> > > >
> > > > I'm trying to generate public/private keys with following
> > > > commands:
> > > >
> > > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > > > openssl ec -in pvtkey.pem -pubout
> > > >
> > > > I'm seeing the sizeof private key as 164 bytes and public key as
> > > > 124
> > > > bytes.
> > > >
> > > > In a wireshark capture( attached ), I'm seeing key length as 65
> > > > bytes.
> > > >
> > > > Can someone help me understand why the difference?
> > > >
> > > > Thanks & Regards
> > > > --
> > > > Lokesh Chakka.
> > >
>
> --
> Tomáš Mráz, OpenSSL
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240619/40c9e050/attachment.htm>


More information about the openssl-users mailing list