It probably is 1023 bit, but you can think of that as being 1024 bit with
the top bit zero.  Since the modulus is effectively random (the product of
two randomly chosen large primes) then it makes sense that some of the
generated moduli will not completely fill the 1024 bits, just as choosing a
number randomly between 0 and 100 won't always have the top decimal place
filled.  If the top bit was always set it would reduce the search space when
attacking the key, thereby weakening it.

Steven

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten
Sent: Wednesday, 17 August 2005 5:17 PM
To: openssl-users@openssl.org
Subject: What size is this key?

A local certification authority has issued a cert and the public key is as
below (parsed with openssl):

-----
Modulus (1023 bit):
     5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
     6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
     fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
     b6:a0:5e:68:9e:b4:70:c9:bd:28:8a:fb:6d:95:0a:
     38:83:f9:8d:15:b1:3a:33:bf:d7:ab:1c:5e:1b:d3:
     d6:c1:1a:f8:05:7f:ef:22:23:48:ef:48:a2:8d:99:
     90:10:81:8a:54:dd:16:9e:7f:d0:88:a8:b7:34:68:
     be:4d:8f:dc:4b:5d:d9:72:c5:a4:88:a6:40:fa:f2:
     f7:16:79:a8:35:3d:f2:ad
Exponent: 3 (0x3)
-----

The key pair was generated by the CA (smart-card based) and it was supposed
to be a 1024-bit RSA key. I retrieved the certificate from the smart card
and parsed it with openssl.

I am just wondering why openssl reported it as 1023-bit?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
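
As an added illustration (not part of the original thread or of OpenSSL's code), this Python sketch measures the modulus quoted above and then goes beyond that one key by tallying the bit lengths of products of constructed toy primes, with either the top bit or the top two bits of each prime forced to 1. The function names, the 16-bit prime size and the seed are assumptions chosen for the example.

```python
import math
import random
from collections import Counter

# Modulus bytes copied from the certificate dump quoted in this thread.
MODULUS_HEX = """
5d:10:63:d3:d8:00:2a:50:ab:65:8a:f0:92:83:b0:
6a:39:e3:0c:38:aa:f5:32:23:71:25:8e:4a:8d:50:
fd:80:a3:95:59:33:27:92:88:d0:1d:28:dd:05:7c:
b6:a0:5e:68:9e:b4:70:c9:bd:28:8a:fb:6d:95:0a:
38:83:f9:8d:15:b1:3a:33:bf:d7:ab:1c:5e:1b:d3:
d6:c1:1a:f8:05:7f:ef:22:23:48:ef:48:a2:8d:99:
90:10:81:8a:54:dd:16:9e:7f:d0:88:a8:b7:34:68:
be:4d:8f:dc:4b:5d:d9:72:c5:a4:88:a6:40:fa:f2:
f7:16:79:a8:35:3d:f2:ad
"""

def modulus_bits(dump):
    """Return (byte_count, bit_length) for a colon-separated hex dump."""
    raw = bytes.fromhex("".join(dump.split()).replace(":", ""))
    return len(raw), int.from_bytes(raw, "big").bit_length()

def is_prime(n):
    """Trial division; adequate for the toy 16-bit primes used below."""
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def random_prime(rng, bits, forced_top_bits):
    """Random odd prime of exactly `bits` bits with its top 1 or 2 bits set."""
    mask = ((1 << forced_top_bits) - 1) << (bits - forced_top_bits)
    while True:
        cand = rng.getrandbits(bits) | mask | 1
        if is_prime(cand):
            return cand

def modulus_size_tally(forced_top_bits, bits=16, trials=300, seed=2005):
    """Tally bit lengths of p*q over constructed toy prime pairs."""
    rng = random.Random(seed)  # fixed seed: repeatable, not for real keys
    tally = Counter()
    for _ in range(trials):
        p, q = (random_prime(rng, bits, forced_top_bits) for _ in range(2))
        tally[(p * q).bit_length()] += 1
    return tally

if __name__ == "__main__":
    print(modulus_bits(MODULUS_HEX))  # 128 bytes, leading byte 0x5d
    print(modulus_size_tally(1), modulus_size_tally(2))
```

With only the top bit of each 16-bit prime forced, the product falls in [2^30, 2^32) and so is 31 or 32 bits long; with the top two bits forced, each prime is at least 3·2^14, the product is at least 9·2^28 > 2^31, and every modulus is a full 32 bits.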
