Is it possible to find out the key size of the signer if we only have the signature

Michael StJohns mstjohns at comcast.net
Thu Jan 12 18:50:40 UTC 2017


On 1/12/2017 3:03 AM, Weijun Wang wrote:
> I am writing a tool to warn about weak key usage in a certificate or 
> CRL. One of the warnings is if it's signed by a cert with a small key 
> size.
>
> But the signer's cert is not always available. I can see that the 
> signature's size depends on the signer's key size. Is there a reliable 
> way to calculate this key size? The only existing knowledge is the 
> signature bytes and the signature algorithm.
>
> Thanks
> Max


If it's an RSA key then signature length == key length.


If it's an EC key then a good approximation is (signature size in bytes 
- 7)/2 * 8.   The EC signature is encoded as an ASN1 sequence of two 
INTEGERS.  The ASN1 encoding overhead is about 3 bytes for the sequence 
and 2 for each of the integers.   If you want an absolute floor on the 
key size, find the body of each of the integers (the octets that make up 
the value field) and normalize them (remove leading zeros).  Take the 
maximum of the two lengths.  That's the floor of the key size.  Once in 
about 65K signatures that floor is going to be less than the actual key 
size.
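The two rules from the reply above, as an added example that is not part of the original thread: RSA size straight from the signature length, and for ECDSA both the quick estimate and the floor obtained by parsing the DER SEQUENCE of two INTEGERs. Function names are hypothetical, and the sample signatures are constructed from chosen r and s values rather than produced by a real signer.

```python
def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER TLV with the given tag at buf[pos]."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def ec_key_size_floor(sig):
    """Bits in the longer of r and s after stripping leading zero octets."""
    body, end = read_tlv(sig, 0, 0x30)  # SEQUENCE
    r, pos = read_tlv(body, 0, 0x02)    # INTEGER r
    s, pos = read_tlv(body, pos, 0x02)  # INTEGER s
    if end != len(sig) or pos != len(body):
        raise ValueError("trailing bytes")
    # Whole octets only, so a P-521 signature reports 528.
    return 8 * max(len(r.lstrip(b"\x00")), len(s.lstrip(b"\x00")))

def ec_key_size_approx(sig):
    """The quick estimate from the reply: (signature bytes - 7) / 2 * 8."""
    return (len(sig) - 7) // 2 * 8

def rsa_key_size(sig):
    """RSA: signature length equals key length."""
    return 8 * len(sig)

# --- constructed test inputs (not real signatures) ---
def der_tlv(tag, value):
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # enough for n < 256
    return bytes([tag]) + head + value

def make_sig(r, s):
    ints = [der_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (r, s)]
    return der_tlv(0x30, b"".join(ints))

P256_SIG = make_sig(int("ab" * 32, 16), int("12" * 32, 16))
P256_SHORT = make_sig(int("cd" * 31, 16), int("34" * 31, 16))  # both top octets zero
P521_SIG = make_sig(int("01" + "ff" * 65, 16), int("01" + "23" * 65, 16))

if __name__ == "__main__":
    for name, sig in [("P-256", P256_SIG), ("short", P256_SHORT), ("P-521", P521_SIG)]:
        print(name, len(sig), ec_key_size_approx(sig), ec_key_size_floor(sig))
```

The `P256_SHORT` sample is the rare case the reply mentions: both integers lose their top octet, so the floor comes out at 248 even though the constructed values stand in for a 256-bit key.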


