What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

M K Saravanan
Hi,

When I create a static DH key pair using openssl, why do the public key and
prime contain a 0x00 prefix byte?

For example, in a 1024-bit key, 128 bytes is enough.

The private key properly shows 128 bytes, but the public key and prime show
129 bytes with a 0x00 byte at the beginning.  What is the need for
this 0x00 byte at the beginning?  i.e. why is it using 129 bytes
instead of 128?


$ openssl version
OpenSSL 1.1.1  11 Sep 2018

$ openssl dhparam -out mydhp.pem 1024
[...]

$ openssl genpkey -paramfile ./mydhp.pem -out mydhkey.pem

$ openssl pkey -in ./mydhkey.pem -text -noout
DH Private-Key: (1024 bit)
    private-key:
        52:61:87:52:b4:27:5f:c3:cf:ab:2f:20:b4:aa:b7:
        df:c3:87:63:50:d2:06:dd:65:8f:db:55:2e:08:d5:
        62:44:1a:f5:d8:73:66:fe:a7:c4:43:be:f7:f0:d0:
        ba:4c:bf:f0:70:70:c9:25:92:da:ef:69:01:1a:b9:
        d9:d9:1f:b9:22:a6:84:48:d8:58:a8:a4:9e:7f:85:
        6b:9e:45:89:07:0c:fb:00:f1:0a:fb:24:10:e4:bb:
        2b:1c:7d:dc:d1:12:a3:21:5a:9b:8e:bf:9d:33:e8:
        65:fe:c2:5c:ea:47:fa:00:04:80:cf:85:e1:c6:71:
        67:4b:7b:71:92:07:59:48
    public-key:
        00:a0:0d:41:8a:27:55:07:2a:01:dd:a7:e2:86:bb:
        69:71:86:1d:62:0c:f3:b7:61:78:81:37:6c:a1:d3:
        e8:55:9d:8a:1f:e8:5e:7f:18:00:0f:4e:1d:97:70:
        a0:e7:19:2b:82:69:c3:aa:61:ea:b8:9c:10:36:19:
        e9:b9:13:db:9a:ef:34:bf:10:f7:93:84:5d:a3:b4:
        58:3a:40:ec:4b:79:06:52:b8:fe:b8:22:0d:f3:f9:
        33:1e:8e:43:69:bb:77:3d:10:78:c6:65:e8:04:08:
        96:1e:cc:6c:92:e4:55:f4:2c:d0:3d:b7:5f:58:70:
        cf:fe:a7:5f:23:e3:d9:5e:c4
    prime:
        00:a2:f4:9d:1c:3f:75:8f:3e:e3:c9:95:09:79:09:
        16:f2:f0:61:c4:e1:b9:23:22:a3:58:d7:38:7d:06:
        af:57:ad:14:5e:13:bd:71:ed:31:89:cb:65:d6:46:
        3b:29:57:ad:a9:8e:58:e6:df:c0:37:2f:4f:be:45:
        d7:c8:f1:87:ef:af:65:87:34:4a:7d:78:b8:0b:0b:
        33:d8:c1:fb:05:9e:ce:9a:27:7e:4a:2a:aa:18:33:
        35:ea:d0:b0:b7:fa:cb:d1:51:bf:11:98:12:24:be:
        1d:1c:87:c3:37:ed:0f:b9:53:23:fc:a1:be:75:ed:
        81:04:e5:6a:b3:83:40:e0:43
    generator: 2 (0x2)


with regards,
Saravanan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

OpenSSL - User mailing list
If the first byte has the high bit set, then you have to put a leading zero byte so that it is not treated as a negative number.

        public-key:
            00:a0:0d:41:8a:27:55:07:2a:01:dd:a7:e2:86:bb:
            ...
        prime:
            00:a2:f4:9d:1c:3f:75:8f:3e:e3:c9:95:09:79:09:
            ...


Re: What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

Matt Caswell


On 30/11/2018 05:26, M K Saravanan wrote:
> Hi,
>
> When I create static DH key pair using openssl, why the public key and
> prime contains the prefix 0x00 byte?

Because otherwise those numbers would be treated as negative (due to the most
significant bit being set) which is incorrect.

Matt
Re: What is the need for 0x00 byte prefix in pubkey and prime of a static DH key pair?

Kyle Hamilton
The DER (Distinguished Encoding Rules of ASN.1, which can be found in ITU-T recommendation X.680 and X.681) requirement is that if a particular number is positive, the highest-order bit can never be set (since the highest-order bit is always the negative sign indicator). The rules further explain that the appropriate way to encode a positive integer with the highest bit set is to add an additional 0x00 byte, making the new most significant bit into a 0.

This is also why the serial number field in a certificate can be 21 bytes long, even when implementing PKIX's minimum serial number length of 20 bytes.  Numbers included in an ASN.1-encoded structure aren't ever intended to be used directly, they're intended to be decoded before the data is passed back to client code.

I realize this is much more information than you asked, but it might help to think of it as "it's done this way for compliance with the standards".

-Kyle H

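The replies above all come down to one rule: a DER INTEGER is a two's-complement, big-endian number in the fewest bytes possible, so a positive value whose top bit is set needs one extra 0x00 byte to keep the sign bit clear. The following script is an added example written for this thread, not OpenSSL code. It embeds the private-key and public-key dumps from the original post verbatim, implements a small DER INTEGER encoder/decoder (`der_integer_content`, `der_integer`, `decode_der_integer` are names chosen here, not OpenSSL API), and shows that the 128-byte private key (first byte 0x52, top bit clear) needs no sign byte while the public key (first significant byte 0xa0) encodes to 129 bytes. It also shows the same value as a fixed 128-byte unsigned string, which is what a protocol wire format would carry, and rejects non-minimal encodings, which DER forbids and which a lenient parser could otherwise be made to accept as the same number.

```python
"""Minimal DER INTEGER encoder/decoder showing where the leading 0x00 in
`openssl pkey -text` output comes from. Added example for this thread; it is
not OpenSSL code and uses only the Python standard library."""

# Both dumps are copied verbatim from the `openssl pkey -text -noout` output
# in the original post, so the byte counts (128 vs 129) can be checked.
PRIVATE_KEY_DUMP = """
52:61:87:52:b4:27:5f:c3:cf:ab:2f:20:b4:aa:b7:
df:c3:87:63:50:d2:06:dd:65:8f:db:55:2e:08:d5:
62:44:1a:f5:d8:73:66:fe:a7:c4:43:be:f7:f0:d0:
ba:4c:bf:f0:70:70:c9:25:92:da:ef:69:01:1a:b9:
d9:d9:1f:b9:22:a6:84:48:d8:58:a8:a4:9e:7f:85:
6b:9e:45:89:07:0c:fb:00:f1:0a:fb:24:10:e4:bb:
2b:1c:7d:dc:d1:12:a3:21:5a:9b:8e:bf:9d:33:e8:
65:fe:c2:5c:ea:47:fa:00:04:80:cf:85:e1:c6:71:
67:4b:7b:71:92:07:59:48
"""
PUBLIC_KEY_DUMP = """
00:a0:0d:41:8a:27:55:07:2a:01:dd:a7:e2:86:bb:
69:71:86:1d:62:0c:f3:b7:61:78:81:37:6c:a1:d3:
e8:55:9d:8a:1f:e8:5e:7f:18:00:0f:4e:1d:97:70:
a0:e7:19:2b:82:69:c3:aa:61:ea:b8:9c:10:36:19:
e9:b9:13:db:9a:ef:34:bf:10:f7:93:84:5d:a3:b4:
58:3a:40:ec:4b:79:06:52:b8:fe:b8:22:0d:f3:f9:
33:1e:8e:43:69:bb:77:3d:10:78:c6:65:e8:04:08:
96:1e:cc:6c:92:e4:55:f4:2c:d0:3d:b7:5f:58:70:
cf:fe:a7:5f:23:e3:d9:5e:c4
"""


def parse_openssl_hexdump(dump: str) -> bytes:
    """Convert OpenSSL's colon-separated hex dump (any line breaks) to raw bytes."""
    return bytes.fromhex("".join(dump.split()).replace(":", ""))


def der_integer_content(n: int) -> bytes:
    """Content octets of a DER INTEGER: shortest two's-complement big-endian form."""
    if n >= 0:
        raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
        # A set top bit would read as negative, so a 0x00 sign byte is prepended.
        return b"\x00" + raw if raw[0] & 0x80 else raw
    # Negative values: fewest bytes that still carry a set sign bit.
    return n.to_bytes((~n).bit_length() // 8 + 1, "big", signed=True)


def _encode_length(length: int) -> bytes:
    """DER length octets: short form below 128, else 0x80|count followed by the count bytes."""
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(n: int) -> bytes:
    """Full INTEGER TLV: tag 0x02, length, content."""
    content = der_integer_content(n)
    return b"\x02" + _encode_length(len(content)) + content


def decode_der_integer(buf: bytes) -> tuple:
    """Parse one INTEGER TLV from the front of buf; return (value, unconsumed bytes).
    Non-minimal length or content encodings are rejected, as DER requires."""
    if len(buf) < 2 or buf[0] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = buf[1], 2
    if length & 0x80:
        count = length & 0x7F
        if count == 0 or len(buf) < 2 + count:
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(buf[2:2 + count], "big"), 2 + count
        if length < 0x80 or (count > 1 and buf[2] == 0):
            raise ValueError("non-minimal length encoding")
    content = buf[pos:pos + length]
    if length == 0 or len(content) != length:
        raise ValueError("truncated INTEGER")
    if length > 1 and ((content[0] == 0x00 and not content[1] & 0x80)
                       or (content[0] == 0xFF and content[1] & 0x80)):
        raise ValueError("non-minimal INTEGER content")
    return int.from_bytes(content, "big", signed=True), buf[pos + length:]


def unsigned_fixed_width(n: int, width: int) -> bytes:
    """The same number as a plain unsigned value of `width` bytes, no sign byte:
    the form a protocol wire format for a 1024-bit DH value would carry."""
    return n.to_bytes(width, "big")


def summarize(dump: str) -> dict:
    """Compare a dumped byte string with the DER content octets of its value."""
    raw = parse_openssl_hexdump(dump)
    n = int.from_bytes(raw, "big")
    return {
        "dumped_bytes": len(raw),
        "bits": n.bit_length(),
        "der_content_bytes": len(der_integer_content(n)),
        "needs_sign_byte": bool(raw.lstrip(b"\x00")[0] & 0x80),
        "round_trip_ok": decode_der_integer(der_integer(n)) == (n, b""),
    }


if __name__ == "__main__":
    for name, dump in ("private-key", PRIVATE_KEY_DUMP), ("public-key", PUBLIC_KEY_DUMP):
        print(name, summarize(dump))
```

Running the script reports 128 dumped bytes and 1023 bits for the private key with no sign byte needed, and 129 dumped bytes and 1024 bits for the public key, whose DER content is 129 bytes precisely because of the prepended 0x00. The decoder's minimality check is the part worth keeping in real parsers: DER exists so that one value has exactly one encoding, and accepting `00 7f` as well as `7f` for 127 breaks that property.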