[Pkg-openssl-devel] Bug#602346: 'openssl rsa -pubout' is not RFC 3447 compliant
Noel David Torres Taño
envite at rolamasao.org
Wed Nov 3 23:05:26 UTC 2010
Package: openssl
Version: 0.9.8o-2
Severity: normal
Try the following:
First create an RSA private key:
$ openssl genrsa -out key.pem
Generating RSA private key, 512 bit long modulus
....++++++++++++
......++++++++++++
e is 65537 (0x10001)
Then parse it as an ASN.1 structure:
$ openssl asn1parse -in key.pem
0:d=0 hl=4 l= 315 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=2 l= 65 prim: INTEGER :A46E2C9B03EC9DBCDD57A8E5BC7F7976A31CAC5794BDAFFB4582C1759039F4768A064C534EE5A7957D05C91B3C62FF73990CB8619460D1FFC62E537CB7CF831B
74:d=1 hl=2 l= 3 prim: INTEGER :010001
79:d=1 hl=2 l= 64 prim: INTEGER :5B8653DFC93468AC9ACBD3606526D3763CDE95F37E0083B72A7ED8AE56A45BB4C6E18B7C6AAA1796C67217CA952A30B3BF75DE2F7AACD107DABB672E1C4B8149
145:d=1 hl=2 l= 33 prim: INTEGER :D9476C3DE72322BEDEF19EDEBB83006639A1E4F971F6142D1D1D187AC9F30525
180:d=1 hl=2 l= 33 prim: INTEGER :C1BBB8C70D1D7CEFF38714292B7C1989A0ABBFD6C188F80D25DCA5B003C9933F
215:d=1 hl=2 l= 32 prim: INTEGER :38BB856FC4625038364E308547C0B4E1FC3A6167207278622F2FE1AC6DFE9E61
249:d=1 hl=2 l= 33 prim: INTEGER :960F5CD9B99BECA943FD8E2D3184879765FF82B1CAE8D811FF10C0B9ECC5172B
284:d=1 hl=2 l= 33 prim: INTEGER :84F758EFAC66D3A556B5E59C368603ECB3469E39A54015D8942447195C3F987E
That is correct, as per RFC3447 A.1.2 (page 45), but now try to extract the public exponent:
$ openssl rsa -in key.pem -pubout -out pubkey.pem
writing RSA key
Seems to work, but it does not:
$ openssl asn1parse -in pubkey.pem
0:d=0 hl=2 l= 92 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 75 prim: BIT STRING
This is not what is expected as per RFC3447 A.1.1 (page 44). Expected is something like
0:d=0 hl=4 l= 72 cons: SEQUENCE
4:d=1 hl=2 l= 65 prim: INTEGER :A46E2C9B03EC9DBCDD57A8E5BC7F7976A31CAC5794BDAFFB4582C1759039F4768A064C534EE5A7957D05C91B3C62FF73990CB8619460D1FFC62E537CB7CF831B
71:d=1 hl=2 l= 3 prim: INTEGER :010001
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.11.2-6+squeeze1 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8o-2 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20090814+nmu2 Common CA certificates
-- no debconf information
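
Added example, not part of the original report and not OpenSSL code: the 92-byte structure in the second listing has the X.509 SubjectPublicKeyInfo layout, in which the BIT STRING carries the RFC 3447 A.1.1 RSAPublicKey. The Python below rebuilds that wrapper from the modulus and exponent shown in the report (a reconstruction, not the actual pubkey.pem) and unwraps it again; all function names are this example's own.

```python
# N and E are copied from the asn1parse listing of key.pem in the report.
N = int("A46E2C9B03EC9DBCDD57A8E5BC7F7976A31CAC5794BDAFFB4582C1759039F476"
        "8A064C534EE5A7957D05C91B3C62FF73990CB8619460D1FFC62E537CB7CF831B", 16)
E = 0x010001
RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(tag, body):
    n = len(body)  # lengths >= 128 use the long form: 0x80|count, then the length bytes
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(v):
    """Non-negative INTEGER; the extra leading 00 keeps a high top bit positive."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        k = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length  # (tag, contents, next offset)

def children(body):
    out, pos = [], 0  # split the contents of a constructed element
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def build_spki(n, e):
    """Wrap an A.1.1 RSAPublicKey in an X.509 SubjectPublicKeyInfo."""
    inner = tlv(0x30, der_int(n) + der_int(e))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + inner))  # 00 = no unused bits

def unwrap_spki(spki):
    """Return (RSAPublicKey DER, n, e) from an rsaEncryption SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)
    (t_alg, alg), (t_bits, bits) = children(body)
    if (tag, t_alg, t_bits, bits[0]) != (0x30, 0x30, 0x03, 0) or children(alg)[0][1] != RSA_OID:
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    inner = bits[1:]
    (_, n), (_, e) = children(read_tlv(inner)[1])
    return inner, int.from_bytes(n, "big"), int.from_bytes(e, "big")
```

On the real file, `openssl asn1parse -in pubkey.pem -strparse 17` descends into the BIT STRING at offset 17 and prints the inner SEQUENCE of two INTEGERs.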