> From: owner-openssl-us...@openssl.org On Behalf Of Chris Kistner
> Sent: Tuesday, 21 September, 2010 07:52
> There is always an extra null-byte at the beginning, which has an
> effect on the sign of the modulus value. The null-byte character would
> make the modulus a positive value.
>

Not always. The ASN.1 encoding (BER/DER) of INTEGER is signed two's-complement, and a sign-only octet of 00 or FF is needed if the high bit of the next octet isn't the right sign. (This octet, and the rest, aren't really characters, although they are normally handled in C as type char or usually better specifically unsigned char.)

RSA modulus is always positive, and (usually) chosen to be 'full size', e.g. a '1024-bit' key has modulus with value between 2^1023 and 2^1024-1, thus the added 00 is needed. But it is possible to use e.g. a value between 2^1022 and 2^1023-1, which does not need an 'extra' sign octet.

> I've been using the following application with Wine to view my X.509
> certificates: http://lipingshare.com/Asn1Editor/
> There's also a very neat online ASN.1 parser available here:
> http://geminisecurity.com/parse.php
>

openssl commandline includes 'asn1parse' which is not particularly spiffy but is available wherever openssl is.
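The sign-octet rule discussed in the message above, as an added example that is not part of the original post or of OpenSSL's code. The function names are hypothetical, and FULL and SHORT are constructed stand-ins for a full-size and a slightly smaller 1024-bit-class modulus, not real RSA moduli.

```python
# Added example: DER INTEGER content octets are signed two's complement.
# FULL and SHORT are constructed stand-ins, not real RSA moduli.

def int_content(value: int) -> bytes:
    """Minimal two's-complement content octets for an ASN.1 INTEGER."""
    magnitude = value if value >= 0 else ~value
    nbytes = magnitude.bit_length() // 8 + 1   # room for the sign bit
    return value.to_bytes(nbytes, "big", signed=True)

def der_length(n: int) -> bytes:
    """DER definite-length octets (short form below 128, else long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_integer(value: int) -> bytes:
    content = int_content(value)
    return b"\x02" + der_length(len(content)) + content

def decode_integer(der: bytes) -> int:
    """Decode one DER INTEGER, rejecting non-minimal sign padding."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not an INTEGER")
    if der[1] < 0x80:
        length, off = der[1], 2
    else:
        n = der[1] & 0x7F
        length, off = int.from_bytes(der[2:2 + n], "big"), 2 + n
    content = der[off:off + length]
    if length == 0 or len(content) != length or off + length != len(der):
        raise ValueError("bad length")
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(content, "big", signed=True)

FULL = (1 << 1023) | 1    # top bit of a 1024-bit value set: needs 00
SHORT = (1 << 1022) | 1   # between 2^1022 and 2^1023-1: no extra octet

if __name__ == "__main__":
    for name, n in (("FULL", FULL), ("SHORT", SHORT)):
        c = int_content(n)
        print(name, len(c), "octets, first octet", format(c[0], "02x"))
    # Dropping the 00 and decoding as signed flips the sign of FULL.
    print(int.from_bytes(int_content(FULL)[1:], "big", signed=True) < 0)
```

A parser that strips the leading 00 and then treats the remaining octets as signed, or that rejects a modulus lacking the 00, mishandles one of the two cases shown.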