Computing Number of Bits in Public Key

0

1

I am working with DKIM and trying to compute the public key size of some DKIM signatures. I know from tools that Gmail's is now 2048, but how could I have figured this out myself (i.e., what exact Linux commands and why)?

user@host$ dig txt 20120113._domainkey.gmail.com

; <<>> DiG 9.8.3-P1 <<>> txt 20120113._domainkey.gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;20120113._domainkey.gmail.com. IN  TXT

;; ANSWER SECTION:
20120113._domainkey.gmail.com. 300 IN   TXT "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"

;; Query time: 262 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Nov 19 10:52:06 2012
;; MSG SIZE  rcvd: 462

eb80

Posted 2012-11-19T15:53:30.297

Reputation: 233

The public key can be found base64 encoded after "p=". – Robert – 2012-11-19T16:23:58.573

Answers

3

1) Cut out the base64 encoded public key object:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD07y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB

2) Base64 decode it and ASN1 parse it:

$ cat base64-in.txt | base64 -d | openssl asn1parse -inform der
0:d=0 hl=4 l= 290 cons: SEQUENCE
4:d=1 hl=2 l= 13 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
17:d=2 hl=2 l= 0 prim: NULL
19:d=1 hl=4 l= 271 prim: BIT STRING

3) Notice that the BIT STRING is 4 + 2 + 13 + 9 = 28 bytes into the structure.

4) Parse the bit string:

$ cat base64-in.txt | base64 -d | openssl asn1parse -inform der -offset 28
0:d=0 hl=4 l= 257 prim: INTEGER :D4A77CEFF51E2637A7A5A6E06...
261:d=0 hl=2 l= 3 prim: INTEGER :010001

5) Notice that the key is 257 bytes. But it starts with a D (high bit set), so the leading byte has to be a zero to show it's positive. So it contains 256 unsigned bytes, or 2,048 bits.

David Schwartz

Posted 2012-11-19T15:53:30.297

Reputation: 58 310
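The same measurement as a script, added here as an example and not part of the answer above: it joins the two quoted TXT strings from the question's dig output, undoes the `\;` escape, walks the DER structure to the modulus, and reports its bit length. The function names are this example's own, and only the Python standard library is used.

```python
import base64
import re

# TXT answer exactly as dig printed it in the question: two quoted
# character-strings and an escaped semicolon.
DIG_TXT = (
    r'"k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2Dymnd'
    r'FkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" '
    r'"7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZe'
    r'TWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"'
)

def dkim_p_tag(txt):
    """Join the quoted TXT strings and return the base64 value of p=."""
    joined = "".join(re.findall(r'"([^"]*)"', txt)).replace("\\;", ";")
    tags = dict(t.strip().split("=", 1) for t in joined.split(";") if "=" in t)
    return "".join(tags["p"].split())

def read_tlv(der, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def rsa_key_bits(spki):
    """Return (modulus_bits, exponent) from a DER SubjectPublicKeyInfo."""
    _, body, _ = read_tlv(spki, 0)               # outer SEQUENCE
    _, _, alg_end = read_tlv(spki, body)         # AlgorithmIdentifier, skipped
    tag, bits, _ = read_tlv(spki, alg_end)       # BIT STRING
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, inner, _ = read_tlv(spki, bits + 1)       # +1 skips the unused-bits byte
    tag, n0, n1 = read_tlv(spki, inner)          # INTEGER modulus
    if tag != 0x02:
        raise ValueError("expected INTEGER")
    _, e0, e1 = read_tlv(spki, n1)               # INTEGER public exponent
    # bit_length() ignores the 0x00 sign byte that makes l=257 in asn1parse
    modulus = int.from_bytes(spki[n0:n1], "big")
    return modulus.bit_length(), int.from_bytes(spki[e0:e1], "big")

def dkim_key_bits(txt):
    return rsa_key_bits(base64.b64decode(dkim_p_tag(txt), validate=True))

if __name__ == "__main__":
    print(dkim_key_bits(DIG_TXT))  # (2048, 65537)
```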