One leading NUL byte in RSA key modulus

Nikos Mavrogiannopoulos nmav at
Thu Mar 29 11:29:11 CEST 2012

On Wed, Mar 28, 2012 at 10:23 PM, Jim Lloyd
<jlloyd at> wrote:
> Hello,
> I am nearly done porting our application to use gnutls 2.12 instead of 2.8.
> We have a reasonably decent set of unit tests, nearly all of which pass
> without requiring any changes. However, there are two failing tests that I
> find curious.
> First, we have a function that uses gnutls_x509_privkey_export_rsa_raw to
> return the size in bytes of the modulus of a private key. One specific unit
> test simply asserts that the size of a given test key is 128 bytes. That
> test fails because the actual size of the key is now 129 bytes.

The null byte ensures that the number isn't treated as negative when
imported to a bignum library. Thus it should be expected (at least for
numbers with their MSB being 1).

> In addition, the Public Key Id output by gnutls_x509_crt_print has changed
> to be an entirely different hash.

Could it be the change in 2.8.6?

* Version 2.8.6 (released 2010-03-15)

** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
VeriSign rejected CSRs with this padding.  Reported by Wilankar Trupti
<trupti.wilankar at> and Boyan Kasarov <bkasarov at>.

Note: As a side effect of this change, the "public key identifier"
value computed for a certificate using this version of GnuTLS will be
different from values computed using earlier versions of GnuTLS.
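
The length difference discussed in this thread, as an added example that is not part of the original message or of GnuTLS: a size check that ignores the leading 0x00 so a 1024-bit modulus reports 128 bytes whether or not the export is padded. The helper names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GnuTLS API): byte length of a big-endian
 * unsigned integer with leading zero bytes ignored. */
size_t magnitude_len(const unsigned char *buf, size_t len)
{
    while (len > 0 && buf[0] == 0x00) {
        buf++;
        len--;
    }
    return len;
}

/* Bit length of the same integer, e.g. 1024 for a 1024-bit modulus. */
size_t magnitude_bits(const unsigned char *buf, size_t len)
{
    size_t n = magnitude_len(buf, len);
    if (n == 0)
        return 0;
    size_t bits = n * 8;
    for (unsigned char top = buf[len - n]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Length as a signed (two's complement) integer: one 0x00 is needed in
 * front when the top bit of the magnitude is set, as the reply explains. */
size_t signed_len(const unsigned char *buf, size_t len)
{
    size_t n = magnitude_len(buf, len);
    if (n == 0)
        return 1;
    return n + ((buf[len - n] & 0x80) ? 1 : 0);
}

/* Constructed sample: 0x00 pad, then 128 bytes starting with `first`. */
static unsigned char sample[129];
const unsigned char *init_sample(unsigned char first)
{
    memset(sample, 0xAB, sizeof sample);
    sample[0] = 0x00;
    sample[1] = first;
    return sample;
}

int main(void)
{
    const unsigned char *m = init_sample(0xC3);
    printf("raw=129 magnitude=%zu bits=%zu signed=%zu\n",
           magnitude_len(m, 129), magnitude_bits(m, 129), signed_len(m, 129));
    return 0;
}
```

A unit test that asserts on `magnitude_len` or `magnitude_bits` rather than the raw exported size keeps passing across library versions that differ only in padding.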

