Private key length bytes

hs2d · Mar 23, 2011

So I'm generating a 2048 RSA keypair. But when I look at the private key the length is only 1232 bytes. Does this have anything to do with the 2048 or is the 2048 just the modulus size?

Answer

Thomas Pornin · Mar 23, 2011

The size of an RSA key is expressed in bits, not bytes. 2048 bits are 256 bytes.

A bare-bones RSA private key consists of two integers, the modulus (a big composite integer, its length in bits is the "RSA key length") and the private exponent (another big integer, which normally has the same size as the modulus). However, the modulus and the private exponent have a bit of internal structure, and knowing details about that structure allows for faster implementations (by a factor of about 4). Hence, RSA private keys usually include some more data.

Namely, if the modulus is n and is the product of two prime numbers p and q, then the private key includes:

  • the modulus n (256 bytes for a 2048-bit key)
  • the public exponent e (small, often 65537, i.e. can be encoded over 3 or 4 bytes)
  • the private exponent d (about 256 bytes)
  • the factors p and q (128 bytes each)
  • d reduced modulo p-1 (128 bytes)
  • d reduced modulo q-1 (128 bytes)
  • 1/q mod p (the inverse of q modulo p; 128 bytes)

for a grand total of about 1160 bytes. Then there is a bit of overhead for the encoding, because all those integers could have slightly different lengths (for instance, nothing really requires that p and q have the exact same size; also, e could be greater than that). The standard structure uses ASN.1, which implies a few extra bytes here and there. It is also common to wrap the structure into a bigger structure which also identifies the key as being a key for RSA. 1232 bytes is compatible with a 2048-bit RSA key encoded in PKCS#8 format.

For details on RSA, have a look at PKCS#1.
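The size accounting described in the answer, as an added example that is not part of the original post: it DER-encodes the eight integers as a PKCS#1 `RSAPrivateKey` and wraps the result in a PKCS#8 `PrivateKeyInfo`. The integers are constructed stand-ins with the right bit lengths, not a usable key, and the helper names are this example's own.

```python
# Constructed illustration: DER size accounting for a 2048-bit RSA private key.
# The integers are stand-ins with the right bit lengths, NOT a usable key.

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    """Tag, length, value."""
    return bytes([tag]) + der_len(len(content)) + content

def der_int(x):
    """INTEGER is signed: a set top bit costs one leading 0x00 octet."""
    return tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))

# OID 1.2.840.113549.1.1.1 (rsaEncryption), already TLV-encoded
RSA_OID = bytes.fromhex("06092a864886f70d010101")

def pkcs1_private(fields):
    """RSAPrivateKey: SEQUENCE of version 0 followed by the eight integers."""
    return tlv(0x30, der_int(0) + b"".join(der_int(v) for v in fields.values()))

def pkcs8_wrap(pkcs1):
    """PrivateKeyInfo: version, AlgorithmIdentifier, key as OCTET STRING."""
    alg = tlv(0x30, RSA_OID + b"\x05\x00")  # OID plus NULL parameters
    return tlv(0x30, der_int(0) + alg + tlv(0x04, pkcs1))

def stand_in(bits):
    """Constructed value with exactly `bits` bits (top and bottom bit set)."""
    return (1 << (bits - 1)) | 1

# n, p, q have their top bit set; for d, dP, dQ, qInv it varies from key to
# key, so real encodings differ by a few bytes. Here those four have it clear.
FIELDS = {
    "n": stand_in(2048), "e": 65537, "d": stand_in(2047),
    "p": stand_in(1024), "q": stand_in(1024),
    "dP": stand_in(1023), "dQ": stand_in(1023), "qInv": stand_in(1023),
}

def report(fields=FIELDS):
    """Return (raw integer bytes, PKCS#1 DER bytes, PKCS#8 DER bytes)."""
    raw = sum((v.bit_length() + 7) // 8 for v in fields.values())
    p1 = pkcs1_private(fields)
    return raw, len(p1), len(pkcs8_wrap(p1))

if __name__ == "__main__":
    print("raw integers: %d  PKCS#1 DER: %d  PKCS#8 DER: %d" % report())
```

The figures are DER sizes only; PEM (base64 plus header lines) or an encrypted container adds more on top.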