There is no upper limit on the size of an x.509 certificate file in DER. PEM takes DER and increases its size by 4/3. So no, there is no upper limit on the size of a PEM format certificate.
Your private key is 4096 bits, or 512 bytes. OpenSSL stores private keys with their public counterparts (another 512 bytes), padding (1 byte for each part of it), exponent (usually 3 bytes), and the tag required to identify it as a PrivateKeyInfo structure (about another 6 bytes all told, though I might be off on my count). So, that's about 1.1k. PEM takes this and increases its size by 4/3, which means that it'll be about 1380 encoded bytes. Add the '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----', and that's another 50 bytes, for a total of 1420 bytes. (If it's an encrypted private key, it'll be a bit bigger.) There is no upper bound per se, but a file containing a private key shouldn't be larger than about 2048 bytes if it uses any (currently-)reasonable keysize. That said, going through the motions with a 16384-byte key yields about 4104 bytes, which in PEM would be about 5522 bytes (again, larger if it's encrypted). (I'm verifying these figures right now; I figure it'll take about as long to generate a 16384-bit key today on my Core2 Duo 2.16GHz as it did to generate a 1024-bit PGP key on a 386DX 20MHz in 1995.) -Kyle H On Wed, Jun 17, 2009 at 1:00 PM, Satish Chandra Kilaru<iam.kil...@gmail.com> wrote: > HI All > > Is there be an upper limit on the size of a x509 certificate file in > PEM format? Suppose that I am using 4096 bit key. > Is there a way to calculate such length. > > Similarly is there an upper limit on the size of PEM format private > key file? I am using 4096bit key. > > Thank you > --Satish > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
