Determining key size for DSA and DH?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Determining key size for DSA and DH?

bradh (Bugzilla)
I'm trying to determine the length (in bits) for my DSA and DH keys.  I'm
happily using RSA_size() for RSA keys, and I assumed that DSA_size and
DH_size would do equivalent operations (based on the man page for
BN_size_bits, which states 'If you want to know the "key size" of such a key,
either use functions like RSA_size(), DH_size() and DSA_size()'..

However the man page for DSA_size says that it returns the size of the
signature (which for me is always 48 bytes or 384 bits, irrespective of the
key parameters)

Is there a way to determine the keylength for DSA keys and DH keys?

Brad

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Determining key size for DSA and DH?

Nils Larsch
Brad Hards wrote:
> I'm trying to determine the length (in bits) for my DSA and DH keys.  I'm
> happily using RSA_size() for RSA keys, and I assumed that DSA_size and
> DH_size would do equivalent operations (based on the man page for
> BN_size_bits, which states 'If you want to know the "key size" of such a key,
> either use functions like RSA_size(), DH_size() and DSA_size()'..

yep, that's a bug.

>
> However the man page for DSA_size says that it returns the size of the
> signature (which for me is always 48 bytes or 384 bits, irrespective of the
> key parameters)
>
> Is there a way to determine the keylength for DSA keys and DH keys?

in case of a EVP_PKEY object EVP_PKEY_bits, otherwise
BN_num_bits(dsa->p). But as the "NOTES" section in the BN_num_bits
manpage already says this isn't really a satisfying solution, it
would be better to have functions like
        size_t DSA_signature_size(const DSA *);
        size_t DSA_pkey_size(const DSA *);
for this ... just a thought.
You should send a bug report to [hidden email].

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Determining key size for DSA and DH?

bradh (Bugzilla)
On Sun, 5 Jun 2005 21:20 pm, Nils Larsch wrote:
> > Is there a way to determine the keylength for DSA keys and DH keys?
>
> in case of a EVP_PKEY object EVP_PKEY_bits, otherwise
As it turns out, I do have a EVP_PKEY, so this is just what I needed.

> BN_num_bits(dsa->p). But as the "NOTES" section in the BN_num_bits
> manpage already says this isn't really a satisfying solution, it
> would be better to have functions like
> size_t DSA_signature_size(const DSA *);
> size_t DSA_pkey_size(const DSA *);
> for this ... just a thought.
Yeah, that would make it more obvious.  Even without the doco confusion, it is
still a bit dangerous to have FOO_size() do completely different things.

> You should send a bug report to [hidden email].
I just forwarded the email train to that address, but if there is a better way
to do the report, just let me know (pointer to a webpage, whatever).

Brad

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Determining key size for DSA and DH?

bradh (Bugzilla)
On Sun, 5 Jun 2005 22:03 pm, Brad Hards wrote:
> On Sun, 5 Jun 2005 21:20 pm, Nils Larsch wrote:
> > > Is there a way to determine the keylength for DSA keys and DH keys?
> >
> > in case of a EVP_PKEY object EVP_PKEY_bits, otherwise
>
> As it turns out, I do have a EVP_PKEY, so this is just what I needed.
Not sure how I managed to miss it, but I missed the "huge thanks for the fast
response" part of my message. Thanks Nils - this saved me a lot of work, and
is truly appreciated.

Brad

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Determining key size for DSA and DH?

Nils Larsch
In reply to this post by bradh (Bugzilla)
Brad Hards wrote:
...
>>You should send a bug report to [hidden email].
>
> I just forwarded the email train to that address, but if there is a better way
> to do the report, just let me know (pointer to a webpage, whatever).

as an alternative you could go to http://www.aet.tu-cottbus.de/rt2/
log in as a guest and create a new ticket, but I guess it's more
comfortable to just send a mail to [hidden email] (note: new bug
reports are moderated, so they don't immediately show up on openssl-dev
etc.), see http://www.openssl.org/support/rt2.html .

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]