Schifman, Jon wrote:
> I'm using OpenSSL 0.9.8d to work on generating X.509 certificates for
> use with ECDSA using the SECP384R1 curve. When I generate a certificate,
> the public key created is 97 bytes, but I know it should be 96 bytes (2
> 384 bit parameters for the x,y points on the curve). It shows up as 97
> bytes when I print the PEM formatted cert with the -text option. In
> addition, I've converted the certificate to DER format, and manually
> decoded it. The cert still has a BIT STRING field of 98 bytes specified,
> where the first octet specifies 00 as the number of unused bits (as it
> should), but there is still an extra byte. Does anyone have any ideas
> about this behavior? Is it a bug in OpenSSL?


there are different methods to encode a public key (ec point)
as an octet string and the first byte is used to specify which
method is used (in case of the uncompressed representation it
should be a 0x04).

Cheers,
Nils
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org