RSA Key and signature lengths using gcry_pk_genkey/sign
mo at g10code.com
Sat Feb 12 18:25:59 CET 2005
On Sun, Jan 23, 2005 at 01:51:51PM +0000, James Hume wrote:
> I am using the gcry_pk_* functions to generate keys and
> signatures. I have seen that sometimes the key lengths can vary, as
> can the signature length which either seems to be 128 bytes or 129
> bytes (in which case there always seems to be a leading null byte).
I assume that you are converting an MPI into an octet string with
gcry_mpi_print() according to GCRYMPI_FMT_STD. Whenever the given MPI
has the most significant bit set and FMT_STD is requested, the
mentioned function does add a null byte at the beginning of the octet
string representation. This is done in order to be able to
distinguish signed integers from unsigned ones (an integer is
recognized as a negative one when the most signifant bit is set).
In case you don't need to consider signed integers at all, just use
GCRYMPI_FMT_USG, which does not do the padding you seem to have
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 193 bytes
Desc: not available
Url : /pipermail/attachments/20050212/d357b10b/attachment.pgp
More information about the Gcrypt-devel