secp256r1 65 byte key size in packet capture
Lokesh Chakka
lvenkatakumarchakka at gmail.com
Thu Jun 20 05:44:12 UTC 2024
Is there a way to have all those man pages installed in my system?
I'm using Ubuntu 24.
On Wed, Jun 19, 2024, 17:49 Matt Caswell <matt at openssl.org> wrote:
>
>
> On 19/06/2024 12:14, Lokesh Chakka wrote:
> > Now I need to explore C APIs for getting those keys as hex array.
> > Could you please suggest any good references for beginners.
>
> You would need to first load the key from the file to create an EVP_PKEY
> object. For example you could use the PEM_read_PUBKEY() function for
> this. See:
>
> https://www.openssl.org/docs/man3.3/man3/PEM_read_PUBKEY.html
>
> Once you have the key as an EVP_PKEY object, you can get the raw
> encoding as a char array in a format suitable for TLS using the
> EVP_PKEY_get1_encoded_public_key() function. See:
>
>
> https://www.openssl.org/docs/man3.3/man3/EVP_PKEY_get1_encoded_public_key.html
>
> Matt
>
>
>
> >
> > Regards
> > --
> > Lokesh Chakka.
> >
> >
> > On Wed, Jun 19, 2024 at 4:21 PM Matt Caswell <matt at openssl.org> wrote:
> >
> >
> >
> > On 19/06/2024 09:15, Lokesh Chakka wrote:
> > > hello,
> > >
> > > I'm trying to generate public/private keys with following commands:
> > >
> > > openssl ecparam -name secp256r1 -genkey -out pvtkey.pem
> > > openssl ec -in pvtkey.pem -pubout
> > >
> > > I'm seeing the sizeof private key as 164 bytes and public key as 124 bytes.
> > >
> > > In a wireshark capture( attached ), I'm seeing key length as 65 bytes.
> >
> > What you are doing is confusing. You have generated public/private key
> > pair for secp256r1 - but the wireshark capture you show seems to be the
> > key share from a TLSv1.3 handshake. TLSv1.3 key shares are ephemeral so
> > - you'll get a different key share every time. You don't need to create
> > a public/private key for this. OpenSSL does it for you.
> >
> > Anyway. Taking the key that you generated:
> >
> > -----BEGIN PUBLIC KEY-----
> > MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP
> > GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==
> > -----END PUBLIC KEY-----
> >
> > This is just a PEM encoding of the real key (base 64 encoding of DER
> > structured data in PEM headers). Not sure where you get 124 bytes from,
> > but you can take a look at the actual key data like this:
> >
> > $ openssl pkey -in /tmp/key.pem -pubin -noout -text
> > Public-Key: (256 bit)
> > pub:
> > 04:55:29:a9:e1:49:e5:41:bc:db:7b:a7:a8:a4:1c:
> > 9e:11:4c:e4:99:81:cf:1a:06:8a:bd:2b:7f:c5:d0:
> > 20:bc:3a:7b:15:72:93:a5:24:fc:50:cf:4b:a4:5f:
> > 1f:e0:91:13:39:78:03:0c:6b:cd:94:80:ea:54:5a:
> > 3e:4f:48:5d:b5
> > ASN1 OID: prime256v1
> > NIST CURVE: P-256
> >
> > This shows you the 65 bytes of raw public key data contained within the
> > key file.
> >
> > This key is in "uncompressed" format (the 04 byte at the start indicates
> > this). Since it is uncompressed we then get an x and a y value to
> > indicate the point on the curve. Each of these is 32 bytes long (256
> > bits) - so this gives you 65 bytes in total.
> >
> > Matt
> >
> >
> >
> > >
> > > Can someone help me understand why the difference?
> > >
> > > Thanks & Regards
> > > --
> > > Lokesh Chakka.
> >
>
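
An added example, not part of either poster's messages and not OpenSSL code: a dependency-free C decode of the public key quoted in the thread, walking the layers described above (base64 PEM body, DER SubjectPublicKeyInfo, then the raw point 0x04 || X || Y). The helper names b64_decode, spki_point and thread_key_point are hypothetical, and the DER walk assumes short-form lengths, which holds for this P-256 key; production code should use the OpenSSL calls named above instead.

```c
#include <stdio.h>
#include <string.h>
/* Base64 body of the public key quoted in the thread (PEM armor lines removed). */
static const char PEM_BODY[] =
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVSmp4UnlQbzbe6eopByeEUzkmYHP"
    "GgaKvSt/xdAgvDp7FXKTpST8UM9LpF8f4JETOXgDDGvNlIDqVFo+T0hdtQ==";

/* Base64-decode up to the '=' padding; returns byte count, or -1 on error. */
static int b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(T, *in);
        if (!p || n >= cap) return -1;
        acc = (acc << 6) | (unsigned)(p - T);
        if ((bits += 6) >= 8) { bits -= 8; out[n++] = (acc >> bits) & 0xff; }
    }
    return (int)n;
}

/* Walk SubjectPublicKeyInfo = SEQUENCE { SEQUENCE algorithm, BIT STRING key }.
   Assumption: short-form DER lengths only (< 128). Returns the point or NULL. */
static const unsigned char *spki_point(const unsigned char *d, size_t len, size_t *plen) {
    if (len < 4 || d[0] != 0x30 || d[1] >= 0x80 || d[1] + 2u != len) return NULL;
    if (d[2] != 0x30 || d[3] >= 0x80) return NULL;
    size_t i = 4u + d[3];                       /* skip AlgorithmIdentifier */
    if (i + 3 > len || d[i] != 0x03 || d[i + 1] >= 0x80) return NULL;
    if (d[i + 1] < 1 || i + 2 + d[i + 1] != len || d[i + 2] != 0) return NULL;
    *plen = d[i + 1] - 1u;                      /* drop the unused-bits octet */
    return d + i + 3;
}

/* Copies the raw point into out; returns its length and sets *der_len, or -1. */
int thread_key_point(unsigned char *out, size_t cap, int *der_len) {
    unsigned char der[128]; size_t plen = 0;
    int n = b64_decode(PEM_BODY, der, sizeof der);
    const unsigned char *pt = n < 0 ? NULL : spki_point(der, (size_t)n, &plen);
    if (!pt || plen > cap) return -1;
    memcpy(out, pt, plen); *der_len = n;
    return (int)plen;
}

int main(void) {
    unsigned char pt[80]; int der_len = 0;
    int n = thread_key_point(pt, sizeof pt, &der_len);
    if (n != 65 || pt[0] != 0x04) return 1;     /* not an uncompressed P-256 point */
    printf("DER: %d bytes; point: %d bytes (0x04 + 32-byte X + 32-byte Y)\n", der_len, n);
    for (int i = 0; i < n; i++) printf("%02x%c", pt[i], i == n - 1 ? '\n' : ':');
    return 0;
}
```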