SwCrypt icon indicating copy to clipboard operation
SwCrypt copied to clipboard
verified publisher icon soyersoyer

Length in DER should use minimum possible bytes

Open Weetbix opened this issue 6 years ago • 1 comments

Hi 👋

Firstly thanks for the work and the great library :)

Currently in your DER encoding you are not stripping any leading 0 value octets.

When generating a PKCS8 PEM from a 4096 bit rsa key using derToPKCS8PEM the top level sequence contains leading 0's in the value of its length.

So for example:

30 83 00 02 23 . . . . . . .

The same key using OpenSSL will produce:

30 82 02 22

If you look at the DER spec it specifies that these should be stripped during DER encoding:

10.1 Length forms
The definite form of length encoding shall be used, encoded in the minimum number of octets. [Contrast with 8.1.3.2 b).]

https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf

Weetbix avatar Jun 19 '19 19:06 Weetbix

Have you ever found a workaround to that?

amlynarczyk avatar Dec 02 '20 16:12 amlynarczyk