System Considerations In Crypto-C

Total: 484 bytes

In addition, when the most significant bit of the most significant byte of a value is set, DER calls for a prepended 0 byte, so that it is not interpreted as a negative 2’s complement number.

For example, converting the decimal number 3,260,571,825 into hex yields 0xC25860B1. As a byte string, it would be:

C2 58 60 B1

which is four bytes long. But is that a negative or positive number? Is the sign bit set, or is this an unsigned value? To avoid confusion, we prepend a 0 byte, as follows:

00 C2 58 60 B1

Our string is now five bytes long.

For a 768-bit key pair, the most significant bit of the most significant byte of the modulus and both primes should always be set. So three of the private key’s values will have a prepended 0 byte. This increases the total key size to 487 bytes. Sometimes the most significant bit of the most significant byte of the private exponent, prime exponents and CRT coefficient will be set, sometimes not. So the total bytes could be as many as 491.

Note: If the public exponent is F4 (01 00 01), do not prepend a 0 byte to that value.

All of this means that when you generate your RSA key pair, you do not know in advance how big it is going to be when you store it in DER format. You know the approximate size, but not the exact length.

Crypto-C has the tools to let you know the exact length of your encoded key. When you call B_GetKeyInfo with a KI_* that specifies that DER-encoded data should be output, you pass the address of a pointer into an ITEM structure. Crypto-C drops off a pointer at that address. If you go to the address indicated by the pointer, you will find the key information, which includes the key’s length in the len field of the ITEM. Use that value to find the exact length of your key.

Chapter 4 Using Crypto-C

131

RSA Security 5.2.2 manual