One leading NUL byte in RSA key modulus
Jim Lloyd
jlloyd at silvertailsystems.com
Thu Mar 29 18:34:09 CEST 2012
Thanks Nikos, this all makes complete sense now.
On Thu, Mar 29, 2012 at 2:29 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org>wrote:
> On Wed, Mar 28, 2012 at 10:23 PM, Jim Lloyd
> <jlloyd at silvertailsystems.com> wrote:
> > Hello,
> > I am nearly done porting our application to use gnutls 2.12 instead of
> 2.8.
> > We have a reasonably decent set of unit tests, nearly all of which pass
> > without requiring any changes. However, there are two failing tests that
> I
> > find curious.
> > First, we have a function that user gnutls_x509_privkey_export_rsa_raw to
> > return the size in bytes of the modulus of a private key. One specific
> unit
> > test simply asserts that the size of a given test key is 128 bytes. That
> > test fails because the actual size of the key is now 129 bytes.
>
> Hello,
> The null byte ensures that the number isn't treated as negative when
> imported to a bignum library. Thus it should be expected (at least to
> numbers with their MSB being 1).
>
> > In addition, the Public Key Id output by gnutls_x509_crt_print has
> changed
> > to be an entirely different hash.
>
> Could it be the change in 2.8.6?
>
> * Version 2.8.6 (released 2010-03-15)
>
> ** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
> VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti
> <trupti.wilankar at hp.com> and Boyan Kasarov <bkasarov at gmail.com>.
>
> Note: As a side effect of this change, the "public key identifier"
> value computed for a certificate using this version of GnuTLS will be
> different from values computed using earlier versions of GnuTLS.
>
> regards,
> Nikos
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120329/5947460c/attachment.htm>
More information about the Gnutls-devel
mailing list