Schifman, Jon wrote:
I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for use with ECDSA using the SECP384R1 curve. When I generate a certificate, the public key created is 97 bytes, but I know it should be 96 bytes (2 384 bit parameters for the x,y points on the curve). It shows up as 97 bytes when I print the PEM formatted cert with the -text option. In addition, I've converted the certificate to DER format, and manually decoded it. The cert still has a BIT STRING field of 98 bytes specified, where the first octet specifies 00 as the number of unused bits (as it should), but there is still an extra byte. Does anyone have any ideas about this behavior? Is it a bug in OpenSSL?
there are different methods to encode a public key (ec point) as an octet string and the first byte is used to specify which method is used (in case of the uncompressed representation it should be a 0x04). Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
