It probably is 1023 bit, but you can think of that as being 1024 bit with
the top bit zero. Since the modulus is effectively random (the product of
two randomly chosen large primes) then it makes sense that some of the
generated moduli will not completely fill the 1024 bits, just as choosing a
number randomly between 0 and 100 won't always have the top decimal place
filled. If the top bit was always set it would reduce the search space when
attacking the key, thereby weakening it.
> A local certification authority has issued a cert and the public key is as
> below (parsed with openssl):
> Modulus (1023 bit):
> Exponent: 3 (0x3)
> The key pair was generated by the CA (smart-card based) and it was
> supposed to be a 1024-bit RSA key. I retrieved the certificate from the
> smart card and parsed it with openssl.
> I am just wondering why openssl reported it as 1023-bit?
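An added example, written for this thread and not code from openssl or from anyone posting here, showing the arithmetic behind the 1023-bit modulus: two primes of exactly k bits each multiply to either 2k or 2k-1 bits, and for uniformly random k-bit values the short case happens for roughly 2·ln 2 - 1 (about 39%) of pairs. Forcing the top two bits of each prime (as OpenSSL's own prime generation does) makes the product always fill 2k bits. The Miller-Rabin test and prime sizes below are my own choices; the bit sizes are kept small so the demo runs quickly.

```python
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (adequate for a demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, top_two: bool = False) -> int:
    """Random prime of exactly `bits` bits.

    With top_two=True the two most significant bits are both forced to 1,
    which guarantees p*q fills the full 2*bits (p, q >= 3 * 2**(bits-2)).
    """
    while True:
        cand = random.getrandbits(bits)
        cand |= 1 << (bits - 1)          # exactly `bits` bits long
        if top_two:
            cand |= 1 << (bits - 2)
        cand |= 1                        # odd candidates only
        if is_probable_prime(cand):
            return cand


def modulus_bits(p: int, q: int) -> int:
    """Bit length of the RSA modulus n = p*q (what openssl prints as 'Modulus (N bit)')."""
    return (p * q).bit_length()


def fraction_short(bits: int, trials: int, top_two: bool = False) -> float:
    """Fraction of generated moduli that come out one bit short of `bits`."""
    half = bits // 2
    short = 0
    for _ in range(trials):
        p = random_prime(half, top_two)
        q = random_prime(half, top_two)
        if modulus_bits(p, q) < bits:
            short += 1
    return short / trials


if __name__ == "__main__":
    # Constructed demo at 128-bit modulus size; the same arithmetic holds at 1024.
    print("short moduli, top bit only :", fraction_short(128, 200))
    print("short moduli, top two bits :", fraction_short(128, 200, top_two=True))
```

Running it prints a non-zero fraction (typically around 0.39) for the first line and 0.0 for the second, which is exactly the 1023-versus-1024 situation the original poster saw.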
Suppose I ask you to pick a random number between 1 and 1000. You tell me.
I then ask someone "do you think he picked a random number between 1 and
1000 or between 1 and 500?". Half the time, the other person will say
"probably between 1 and 500". So half of the 1,024 bit random numbers fit in