Compatibility between RSA_sign and RSA_public_decrypt

Compatibility between RSA_sign and RSA_public_decrypt

Suram Chandra Sekhar
Hi all,
I understand that RSA_sign() uses PKCS#1 v1.5 padding for signing.  If I
sign using RSA_sign, can this signature be verified using
RSA_public_decrypt(), which uses PKCS#1 v1.0?

In other words, is it possible to have compatibility between these two
versions?

Awaiting your valuable response..

Regards
Suram


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
RE: Compatibility between RSA_sign and RSA_public_decrypt

Steven Reddie
RSA_verify calls RSA_public_decrypt to do the actual decryption.  The
padding aspects of each are the same.  The difference in PKCS#1 padding is
between RSA_public_encrypt/RSA_private_decrypt and
RSA_private_encrypt/RSA_public_decrypt.  The pair used for signatures use a
form of padding that doesn't change each time it is applied (each byte is
0xff).  The other pair use a form of padding that includes randomly
generated padding bytes and therefore does change each time it is applied.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Suram Chandra Sekhar
Sent: Friday, 26 August 2005 7:47 PM
To: [hidden email]
Subject: Compatibility between RSA_sign and RSA_public_decrypt

Hi all,
I understand that RSA_sign() uses PKCS#1 v1.5 padding for signing.  If I sign
using RSA_sign, can this signature be verified using RSA_public_decrypt(),
which uses PKCS#1 v1.0?

In other words, is it possible to have compatibility between these two
versions?

Awaiting your valuable response..

Regards
Suram


Problems creating a Certificate Request

Stani-2
Hi,
I try to create a certificate request with 'Certificate Authority' as
CN. It fails with the crypto error: ('asn1 encoding routines',
'ASN1_mbstring_ncopy', 'invalid universalstring length') What does this
mean? Does anybody know how this could be solved or point me in the
direction?
Thanks,
Stani

http://pythonide.stani.be

PS I used pyOpenSSL, but this problem is probably generic. This is the
python traceback:
Traceback (most recent call last):
  File "C:\Python24\Scripts\webcleaner-certificates", line 113, in ?
    main(sys.argv[1:])
  File "C:\Python24\Scripts\webcleaner-certificates", line 105, in main
    install_ssl_certs(configdir)
  File "C:\Python24\Scripts\webcleaner-certificates", line 61, in install_ssl_certs
    wc.proxy.ssl.create_certificates(configdir)
  File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 109, in create_certificates
    careq = createCertRequest(cakey, CN='Certificate Authority')
  File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 179, in createCertRequest
    setattr(subj, key, value)
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_mbstring_ncopy',
'invalid universalstring length')]


Re: Problems creating a Certificate Request

Dr. Stephen Henson
On Sat, Aug 27, 2005, SPE - Stani's Python Editor wrote:

> Hi,
> I try to create a certificate request with 'Certificate Authority' as
> CN. It fails with the crypto error: ('asn1 encoding routines',
> 'ASN1_mbstring_ncopy', 'invalid universalstring length') What does this
> mean? Does anybody know how this could be solved or point me in the
> direction?
> Thanks,
> Stani
>
> http://pythonide.stani.be
>
> PS I used pyOpenSSL, but this problem is probably generic. This is the
> python traceback:
> Traceback (most recent call last):
>
>  File "C:\Python24\Scripts\webcleaner-certificates", line 113, in ?
>
>    main(sys.argv[1:])
>
>  File "C:\Python24\Scripts\webcleaner-certificates", line 105, in main
>
>    install_ssl_certs(configdir)
>
>  File "C:\Python24\Scripts\webcleaner-certificates", line 61, in
> install_ssl_certs
>
>    wc.proxy.ssl.create_certificates(configdir)
>
>  File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 109, in
> create_certificates
>
>    careq = createCertRequest(cakey, CN='Certificate Authority')
>
>  File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 179, in
> createCertRequest
>
>    setattr(subj, key, value)
>
> OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_mbstring_ncopy',
> 'invalid universalstring length')]
>

That report doesn't help much unfortunately. A UniversalString must be a
multiple of 4 octets in length, which is the cause of that error.

However in normal usage UniversalStrings should almost never be encountered,
so I suspect some odd or invalid calls are being made by the wrapper.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk