Calculating the number of bits in a public key

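I'm working with DKIM and trying to work out the public key size of some DKIM signatures. I know from tools that Gmail's public key size is now 2048, but how can I work that number out myself (i.e., exactly which Linux commands, and why)?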

user@host$ dig txt 20120113._domainkey.gmail.com

; <<>> DiG 9.8.3-P1 <<>> txt 20120113._domainkey.gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;20120113._domainkey.gmail.com. IN  TXT

;; ANSWER SECTION:
20120113._domainkey.gmail.com. 300 IN   TXT "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"

;; Query time: 262 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Nov 19 10:52:06 2012
;; MSG SIZE  rcvd: 462

Answer 1

1) Cut out the base64-encoded public key object:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD07y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB

2) Base64-decode it and parse the ASN.1:

$ cat base64-in.txt | base64 -d | openssl asn1parse -inform der
    0:d=0  hl=4 l= 290 cons: SEQUENCE
    4:d=1  hl=2 l=  13 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   17:d=2  hl=2 l=   0 prim: NULL
   19:d=1  hl=4 l= 271 prim: BIT STRING

3) Note that the BIT STRING is 4+2+13+9=28 bytes into the structure.

4) Parse the BIT STRING:

$ cat base64-in.txt | base64 -d | openssl asn1parse -inform der -offset 28
    0:d=0  hl=4 l= 257 prim: INTEGER           :D4A77CEFF51E2637A7A5A6E06...
  261:d=0  hl=2 l=   3 prim: INTEGER           :010001

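5) Note that the key is 257 bytes. But it starts with D (high bit set), so the leading byte has to be zero to show that it is positive. So it contains 256 unsigned bytes, i.e. 2,048 bits.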
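
The same walk done by hand so each length is visible (an added example, not part of either answer): it takes the TXT value from the dig output in the question, joins the two quoted strings, and steps through the DER headers down to the modulus. The function names are this example's own.

```python
import base64
import re

# TXT record value copied from the dig answer in the question; DNS returned it
# as two quoted character-strings, and dig escaped the ';' as '\;'.
TXT_RECORD = (
    '"k=rsa\\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh'
    '+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUG'
    'CQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxG'
    'kVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVm'
    'Al5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlf'
    'uac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY'
    '/wIDAQAB"'
)


def dkim_key_der(txt):
    """Join the quoted strings, read the p= tag and base64-decode it to DER."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)).replace("\\;", ";")
    tags = dict(t.strip().split("=", 1) for t in joined.split(";") if "=" in t)
    return base64.b64decode("".join(tags["p"].split()))


def read_tlv(buf, pos, want):
    """Check the DER tag at pos and return (value_start, value_end)."""
    if buf[pos] != want:
        raise ValueError(f"offset {pos}: tag {buf[pos]:#x}, expected {want:#x}")
    first = buf[pos + 1]
    if first < 0x80:                       # short-form length
        return pos + 2, pos + 2 + first
    n = first & 0x7F                       # long form: next n bytes are the length
    return pos + 2 + n, pos + 2 + n + int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def rsa_key_info(der):
    """Walk SubjectPublicKeyInfo down to the RSA modulus and exponent."""
    spki, _ = read_tlv(der, 0, 0x30)                   # outer SEQUENCE
    _, alg_end = read_tlv(der, spki, 0x30)             # AlgorithmIdentifier
    bits_start, _ = read_tlv(der, alg_end, 0x03)       # BIT STRING
    int_pos, _ = read_tlv(der, bits_start + 1, 0x30)   # skip unused-bits byte
    mod_start, mod_end = read_tlv(der, int_pos, 0x02)  # modulus INTEGER
    exp_start, exp_end = read_tlv(der, mod_end, 0x02)  # exponent INTEGER
    modulus = int.from_bytes(der[mod_start:mod_end], "big")
    return {
        "integer_offset": int_pos,             # where the modulus INTEGER starts
        "encoded_bytes": mod_end - mod_start,  # includes the leading 0x00
        "bits": modulus.bit_length(),          # leading zero byte not counted
        "exponent": int.from_bytes(der[exp_start:exp_end], "big"),
    }
```

Calling `rsa_key_info(dkim_key_der(TXT_RECORD))` returns the offset of the modulus INTEGER, its encoded length, the key size in bits and the public exponent.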

Answer 2

Really? The answers here are funny. asn1parse??

First format the key properly, otherwise openssl will not accept it, and save it to the file publickey.rsa

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh
+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUG
CQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD07y2+07wlNWwIt8svnxgdxG
kVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVm
Al5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlf
uac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY
/wIDAQAB
-----END PUBLIC KEY-----

Then do:

openssl rsa -in publickey.rsa -pubin -text
RSA Public-Key: (2048 bit)
Modulus:
    00:d4:a7:7c:ef:f5:1e:26:37:a7:a5:a6:e0:6c:5c:
    21:f9:e0:42:b1:24:eb:aa:6c:08:61:8b:f2:c2:56:
    e1:6e:aa:28:d8:3c:a6:9d:d1:64:6e:33:95:20:f2:
    25:74:db:3f:9b:8d:0a:17:ec:b3:32:7d:6c:93:2a:
    31:71:35:06:09:0b:3c:83:71:60:0f:60:29:dd:90:
    79:0d:e9:00:a3:9c:0c:9a:4e:30:8a:60:ce:f9:4f:
    10:cc:8d:d2:0f:4e:f2:db:ed:3b:c2:53:56:c0:8b:
    7c:b2:f9:f1:81:dc:46:91:56:db:87:36:3c:8b:e4:
    50:f4:3a:52:56:93:db:17:bc:a4:43:1b:4a:5e:4b:
    ff:6a:15:b7:2a:35:62:88:01:fe:82:1b:ef:22:19:
    31:e3:16:12:21:cf:68:4b:05:66:02:5e:4e:72:d3:
    04:79:65:30:83:c2:2c:b6:3a:b3:f0:16:5e:4d:66:
    df:e3:57:db:36:1b:5e:ed:8f:98:a9:93:b0:ab:54:
    9d:d0:36:ef:60:00:fd:34:e6:4a:f6:f9:5f:b9:a7:
    34:e7:df:07:63:eb:ed:48:17:33:52:22:84:44:7b:
    f5:c9:16:dc:69:0b:59:16:1e:70:b6:24:6b:37:4e:
    01:2d:44:c3:db:53:32:70:15:f9:8d:87:21:1e:33:
    d8:ff
Exponent: 65537 (0x10001)
