
When working with X.509 certificates and a public and private key pair, let's say you generate a private key that is 4096 bits. Is it possible to have a public key that is only 2048 bits then? Or are the public key and private key sizes always the same?

Specifically I'm referring to the output of `openssl x509 -text -noout -in mycert.pem` and the field:

        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)

I believe that the private key is 4096 bit, so I was a little surprised to see 2048 bit here. Could that be correct and a possible combination of key sizes for the public and private keys?

Thanks in advance!

Thomas Stringer
  • @SteffenUllrich, not sure. So they should be the same then? Given the example in my question with the output of `openssl x509`, is it correct to say that this private key should also be 2048 bit? – Thomas Stringer Jul 21 '21 at 15:55
  • For RSA "the keysize" is the number of bits required to write down the modulus value (shared between the public and private keys), so they'll agree. The private exponent (D) is generally a few bits smaller (not sure if any theorem bounds it from below) and can't be bigger. So if you have a private key with a 4096-bit modulus, it doesn't go with that certificate. – bartonjs Jul 21 '21 at 16:48
  • You should rather talk about key length instead of size, because there is also the [file] size of a public/private key. For RSA, e.g., the private key file can be much larger if additional data used to speed up operations (such as RSA-CRT parameters) is included, but the key length is still the same for those keys. – Robert Jul 21 '21 at 18:11
  • The “key size” is always the same for the private key and the public key. It refers to the same number. If you have a 4096-bit private key, this is not a certificate for it. You can display both keys to check (`openssl pkey -in private_key.pem -text` for the private key). In practice, two keys are part of a matching pair if they have the same modulus value (`n`). – Gilles 'SO- stop being evil' Jul 21 '21 at 19:27
  • @Gilles'SO-stopbeingevil'+ you can use `openssl x509 -in cert -noout -modulus` and `openssl rsa -in privkey -noout -modulus` to get _only_ the modulus from each with no clutter, easier to compare (including mechanically with `cmp` or shell `[ $a = $b ]` etc) – dave_thompson_085 Jul 22 '21 at 00:48
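The checks described in the comments above, carried out end to end, as an added example that is not part of the question or of any answer on this page. It assumes an `openssl` binary on PATH; the key and certificate file names, the `WORK` directory and the `/CN=keysize-demo` subject are constructed for the demonstration. It generates a 2048-bit and a 4096-bit RSA key, issues a self-signed certificate from the 2048-bit one, then reads the modulus length (the "key size") out of the certificate and out of each key, confirms that the private exponent is never longer than the modulus, and compares moduli the way the last comment suggests to decide which key belongs to the certificate.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes `openssl` is installed.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory, constructed for the demo

# gen_key <bits> <outfile>: generate an RSA private key with a modulus of <bits> bits.
gen_key() {
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$1" -out "$2" 2>/dev/null
}

# make_cert <keyfile> <certfile>: self-signed certificate whose SubjectPublicKeyInfo
# carries the modulus and public exponent of <keyfile>.
make_cert() {
    openssl req -new -x509 -key "$1" -subj "/CN=keysize-demo" -days 1 -out "$2" 2>/dev/null
}

# Modulus n as uppercase hex, with the "Modulus=" prefix that openssl prints removed.
key_modulus()  { openssl rsa  -in "$1" -noout -modulus | sed 's/^Modulus=//'; }
cert_modulus() { openssl x509 -in "$1" -noout -modulus | sed 's/^Modulus=//'; }

# hex_bits <hexstring>: bit length of a hex number with no leading zero digits.
# Every hex digit after the first contributes 4 bits; the first contributes 1..4.
hex_bits() {
    hex="$1"
    len=${#hex}
    first=$(printf '%s' "$hex" | cut -c1)
    case "$first" in
        1)          fb=1 ;;
        [23])       fb=2 ;;
        [4-7])      fb=3 ;;
        [89a-fA-F]) fb=4 ;;
        *) echo "hex_bits: bad leading digit '$first'" >&2; return 1 ;;
    esac
    echo $(( (len - 1) * 4 + fb ))
}

# modulus_bits <hexstring>: "the key size", i.e. the bit length of n.
modulus_bits() { hex_bits "$1"; }

# private_exponent_bits <keyfile>: bit length of d, read from `openssl rsa -text`.
# The hex of d sits between the "privateExponent:" and "prime1:" labels, printed as
# colon-separated octets, possibly with a leading 00 octet; strip colons and leading zeros.
private_exponent_bits() {
    hex=$(openssl rsa -in "$1" -noout -text 2>/dev/null \
          | sed -n '/^ *privateExponent:/,/^ *prime1:/p' \
          | sed '1d;$d' | tr -d ' :\n' | sed 's/^0*//')
    hex_bits "$hex"
}

# key_matches_cert <keyfile> <certfile>: "yes" if both carry the same modulus, else "no".
key_matches_cert() {
    if [ "$(key_modulus "$1")" = "$(cert_modulus "$2")" ]; then echo yes; else echo no; fi
}

demo() {
    gen_key 2048 "$WORK/key2048.pem"
    gen_key 4096 "$WORK/key4096.pem"
    make_cert "$WORK/key2048.pem" "$WORK/cert.pem"   # the cert is issued for the 2048-bit key
    echo "certificate public key: $(modulus_bits "$(cert_modulus "$WORK/cert.pem")") bit"
    for k in key2048 key4096; do
        f="$WORK/$k.pem"
        echo "$k: n = $(modulus_bits "$(key_modulus "$f")") bit," \
             "d = $(private_exponent_bits "$f") bit," \
             "matches certificate: $(key_matches_cert "$f" "$WORK/cert.pem")"
    done
}

demo
```

Run it with `sh keysize-demo.sh`; the certificate reports 2048 bit, the 4096-bit key's modulus is a different number altogether, and only the key whose `-modulus` output is byte-for-byte identical to the certificate's is the matching private key. The private exponent comes out at or slightly below the modulus length for both keys, matching the comment that d cannot be longer than n.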
