Thank you. I was thinking the same. I thought a 5K buffer should be enough to store a 4K bit key in PEM format.
I am curious to know how long it took for you to generate 16Kbit key. --Satish On Wed, Jun 17, 2009 at 5:37 PM, Kyle Hamilton<aerow...@gmail.com> wrote: > There is no upper limit on the size of an x.509 certificate file in > DER. PEM takes DER and increases its size by 4/3. So no, there is no > upper limit on the size of a PEM format certificate. > > Your private key is 4096 bits, or 512 bytes. OpenSSL stores private > keys with their public counterparts (another 512 bytes), padding (1 > byte for each part of it), exponent (usually 3 bytes), and the tag > required to identify it as a PrivateKeyInfo structure (about another 6 > bytes all told, though I might be off on my count). So, that's about > 1.1k. PEM takes this and increases its size by 4/3, which means that > it'll be about 1380 encoded bytes. Add the '-----BEGIN PRIVATE > KEY-----' and '-----END PRIVATE KEY-----', and that's another 50 > bytes, for a total of 1420 bytes. (If it's an encrypted private key, > it'll be a bit bigger.) There is no upper bound per se, but a file > containing a private key shouldn't be larger than about 2048 bytes if > it uses any (currently-)reasonable keysize. > > That said, going through the motions with a 16384-byte key yields > about 4104 bytes, which in PEM would be about 5522 bytes (again, > larger if it's encrypted). (I'm verifying these figures right now; I > figure it'll take about as long to generate a 16384-bit key today on > my Core2 Duo 2.16GHz as it did to generate a 1024-bit PGP key on a > 386DX 20MHz in 1995.) > > -Kyle H > > On Wed, Jun 17, 2009 at 1:00 PM, Satish Chandra > Kilaru<iam.kil...@gmail.com> wrote: >> HI All >> >> Is there be an upper limit on the size of a x509 certificate file in >> PEM format? Suppose that I am using 4096 bit key. >> Is there a way to calculate such length. >> >> Similarly is there an upper limit on the size of PEM format private >> key file? I am using 4096bit key. >> >> Thank you >> --Satish >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
