You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When printing out the Dilithium3 key file using the openssl pkey -text -in sample.key command, the output text omits the last 4 bytes from both private and public keys. These bytes are valid and should be printed. The following reproduction steps will show the presence of the missing bytes in the DER key file.
Note that a Dilithium3 key file contains both public and private keys, and so the pkey -text command fails to print the last 4 bytes for both.
To Reproduce
# Generate cert and key.
openssl req -x509 -new -newkey dilithium3 -keyout sample.key -out sample.crt -nodes -subj "/CN=sample"# The output from this command is missing the last 4 bytes from both the public key and secret key, totaling 8 bytes.
openssl pkey -text -in sample.key
# Convert the key file to DER.
openssl pkey -in sample.key -outform DER -out sample.key.der
# Print the DER file.
xxd -i sample.key.der
Expected behavior
Below is the end of the sample output from the openssl pkey -text -in sample.key command:
Thanks for this bug report, @AlexeyMavrin. Indeed, there's an obvious logical mistake in our "text key printout" logic for plain PQ keys. #268 should fix this: I'd be glad if you could check whether this correctly fixes the issue for you (either on the PR branch or after this has landed in "main" branch). Thanks in advance for this check.
When printing out the
Dilithium3
key file using theopenssl pkey -text -in sample.key
command, the output text omits the last 4 bytes from both private and public keys. These bytes are valid and should be printed. The following reproduction steps will show the presence of the missing bytes in the DER key file.Note that a Dilithium3 key file contains both public and private keys, and so the
pkey -text
command fails to print the last 4 bytes for both.To Reproduce
Expected behavior
Below is the end of the sample output from the
openssl pkey -text -in sample.key
command:Compare it to the
sample.key.der
:Note the last missing bytes:
0xd5, 0x36, 0x09, 0xf8
. So expecting the following output:The same issue occurs for the other key in this file.
Environment:
The text was updated successfully, but these errors were encountered: