From: Andreas Jellinghaus (ajdungeon.inka.de)
Date: Tue Feb 23 2010 - 03:18:09 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I verified your email, and the situation is exactly as you said.
except your interpretation is wrong.

the "rsa" command you posted, will print three things:
 * Modulus
 * Exponent
 * "RSA PRIVATE KEY"

Modulus and Exponent are the information that is in public keys.
So that is perfectly fine. None of the information available in
private keys was posted, as openssl can't get that.

The "RSA PRIVATE KEY" pem print is totaly bogus, it is much too short
to contain the public and the private key parts. I can't verify that,
as the file is broken - openssl cannot read it back again. I guess
openssl tried to create an rsa private key file, but somehow didn't
properly check if all necessary information was available, and still
print what was there (only the public key parts modulus and exponent)
and created a PEM file, which is unuseable, as it doesn't contain all
the information that should be in there.

For testing I created a key and extracted the public parts. The length
of that data matches the PEM file printed with your command. so there
can't be more information in there...

So everything is fine - well, except openssl could implement better
checks for RSA private key parts, print some nice message, and not
try to create a private key PEM file if required information is missing.

by the way: running an SSL server with the key on the smart card is
propably not such a good idea - smart cards can do about one signature
a second (if the card is fast). You might need much more than that.

Regards, Andreas
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]