[Cryptography] OpenSSL: rsa_builtin_keygen: key size too small

Henry Baker hbaker1 at pipeline.com
Wed Dec 25 08:51:21 EST 2019

At 09:30 PM 12/22/2019, Henry Baker wrote:
>At 06:05 PM 12/22/2019, Matt Palmer wrote:
>>On Sun, Dec 22, 2019 at 09:33:40AM -0800, Henry Baker wrote:
>>> I tried to downgrade the encryption just for the development phase,
>>> but OpenSSL won't allow me to use keys smaller than 512 bits.
>>> Does anyone know how to turn off this error message in order to
>>> work with much smaller keys?
>>Based on a quick grovel through the openssl source, it looks like this limit
>>is hard-coded, and requires a rebuild of openssl to set the value smaller.
>>- Matt
>Thanks Matt, Richard, Viktor.
>I've compiled OpenSSL before -- it isn't very difficult -- so I guess I'll have to do it again!
>Re embedded processor:
>Actually, no, it's the other way around.  The eventual target (if it ever happens) will likely be a lot *more* powerful than my development machine, so I wanted to play with a "toy" version of the software at some reasonable speed prior to increasing the bit-length of the keys.

I gave up and learned how to make my own keys.

Here's a toy example (perhaps you need a certificate for your 6502-based Apple ][ web server, secure from Intel 4004-based Eve ?)

foo at bar:~ $ cat smallkey.pem
foo at bar:~ $ cat smallkey.pem | openssl pkey -text -noout
RSA Private-Key: (8 bit, 2 primes)
modulus: 187 (0xbb)
publicExponent: 7 (0x7)
privateExponent: 23 (0x17)
prime1: 17 (0x11)
prime2: 11 (0xb)
exponent1: 7 (0x7)
exponent2: 3 (0x3)
coefficient: 14 (0xe)
foo at bar:~ $ xxd digest.bin 
00000000: 0a                                       .
foo at bar:~ $ openssl rsautl -sign -in digest.bin -out signature.bin -inkey smallkey.pem -raw
foo at bar:~ $ xxd signature.bin 
00000000: af                                       .
foo at bar:~ $

More information about the cryptography mailing list