certtool generating invalid RSA private keys?

Adam Langley agl at golang.org
Wed Aug 18 21:20:56 CEST 2010

A user reported that they couldn't load an RSA private key, generated
by certtool, with the Go[1] libraries. This is almost certainly an
issue with Go, but I must admit that the private does look odd:

$ certtool --generate-privkey --bits 128 > key.pem

$ openssl asn1parse < key.pem
   0:d=0  hl=2 l=  98 cons: SEQUENCE
   2:d=1  hl=2 l=   1 prim: INTEGER           :00
   5:d=1  hl=2 l=  17 prim: INTEGER           :CB5DA5AE9BCB2E0AA7DF77D525598DF1
  24:d=1  hl=2 l=   3 prim: INTEGER           :010001
  29:d=1  hl=2 l=  16 prim: INTEGER           :2B47B158914072FA21292CE371B28377
  47:d=1  hl=2 l=   9 prim: INTEGER           :D317519B689CE7AB
  58:d=1  hl=2 l=   9 prim: INTEGER           :F6A195E47387D4D3
  69:d=1  hl=2 l=   8 prim: INTEGER           :2E7E8D60009BC6BF
  79:d=1  hl=2 l=   9 prim: INTEGER           :9A9424528F66AF29
  90:d=1  hl=2 l=   8 prim: INTEGER           :662DDEAC721A7443

If we calculate de mod (p-1)(q-1):
(0x010001 * 0x2B47B158914072FA21292CE371B28377) % ((0xD317519B689CE7AB
- 1) * (0xF6A195E47387D4D3 - 1))

It does not equal one. This is the check which the Go libraries are
failing. However, based on my understanding of RSA, it should, should
it not?

[1] http://golang.org



More information about the Gnutls-devel mailing list