Concerning the function: int RSA_private_encrypt(...);
This function returns "-1" when the public exponent "e" is NULL. But, as far as I know, the RSA encryption with the private key only needs:
- public modulus "n" and
- private exponent "d"
to be mentioned in the RSA structure.

Is the RSA_private_encrypt not supported?

I saw the same behavior with a CRT private key. I don't understand why the public exponent "e" must be mentioned.
Can you explain this behavior to me?

Thanks in advance.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

On Mon, Jan 09, 2006 at 01:57:46PM +0100, Emmanuel Lepavec wrote:
> Concerning the function: int RSA_private_encrypt(...);
>
> This function returns "-1" when the public exponent "e" is NULL. But, as
> far as I know, the RSA encryption with the private key only needs:
> - public modulus "n" and
> - private exponent "d"
> to be mentioned in the RSA structure.
>
> Is the RSA_private_encrypt not supported?

The private key is for signing and decryption, the public key is for signature verification and encryption... Do not encrypt/decrypt arbitrary data with RSA (only suitable message digests, session keys, and other standard uses).

--
Viktor.

Victor Duchovni wrote:
> The private key is for signing and decryption, the public key is for
> signature verification and encryption... Do not encrypt/decrypt arbitrary
> data with RSA (only suitable message digests, session keys, and other
> standard uses).

Thanks for your answer.
But why does the RSA_private_encrypt(...) function exist?

The problem is that, even though it is not standard use, I *need* to do encryption with the Private Key. Even though I think I may be able to have a workaround by using the public key encryption method for standard private key, I don't know how to proceed with private CRT key without handmade calculation.

Any helping tips for this issue?

On Mon, Jan 09, 2006 at 04:23:54PM +0100, Emmanuel Lepavec wrote:
> The problem is that, even though it is not standard use, I *need* to do
> encryption with the Private Key.

Why? Anyone can use the public key to decrypt such a message, so this cannot be used to keep the message confidential, rather such an operation is really a signing operation, and you should be using a signing primitive.

Please explain the real problem you are solving...

--
Viktor.

Emmanuel Lepavec wrote:
>Victor Duchovni wrote:
>
>>The private key is for signing and decryption, the public key is for
>>signature verification and encryption... Do not encrypt/decrypt arbitrary
>>data with RSA (only suitable message digests, session keys, and other
>>standard uses).
>
>Thanks for your answer.
>But why does the RSA_private_encrypt(...) function exist?

if you have the public part.

>The problem is that, even though it is not standard use, I *need* to do
>encryption with the Private Key.

If you could detail your intended use it may be clearer for me why you want to do that.
Remember that it's very easy to do wrong things in cryptographic applications, so I'm always a bit suspicious if someone has a "non standard use"... ;)

>[...]

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26

On Mon, Jan 09, 2006, Emmanuel Lepavec wrote:
> Concerning the function: int RSA_private_encrypt(...);
>
> This function returns "-1" when the public exponent "e" is NULL. But, as
> far as I know, the RSA encryption with the private key only needs:
> - public modulus "n" and
> - private exponent "d"
> to be mentioned in the RSA structure.
>
> Is the RSA_private_encrypt not supported?
>
> I saw the same behavior with a CRT private key. I don't understand why
> the public exponent "e" must be mentioned.
> Can you explain this behavior to me?

The private key operations check that the operation is successful by performing a public key operation. This requires the value of the public exponent "e". This check is there to avoid certain types of attack.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Bernhard Froehlich wrote:
> If you could detail your intended use it may be clearer for me why you
> want to do that.
> Remember that it's very easy to do wrong things in cryptographic
> applications, so I'm always a bit suspicious if someone has a "non
> standard use"... ;)

Actually, I do not use OpenSSL in a concrete application. I use it as a trusted Oracle for testing my own implementation. And, for complete testing, I need to be able to perform every private key operation with the minimum of available information (i.e. without public key info). It includes "non standard" operation such as encryption.

For this, I do not need any security countermeasure. So, if there is a way to disable checks that require the public key, please tell! ;-)

Emmanuel Lepavec wrote:
>Bernhard Froehlich wrote:
>
>>If you could detail your intended use it may be clearer for me why you
>>want to do that.
>>Remember that it's very easy to do wrong things in cryptographic
>>applications, so I'm always a bit suspicious if someone has a "non
>>standard use"... ;)
>
>Actually, I do not use OpenSSL in a concrete application. I use it as a
>trusted Oracle for testing my own implementation. And, for complete
>testing, I need to be able to perform every private key operation with
>the minimum of available information (i.e. without public key info). It
>includes "non standard" operation such as encryption.
>
>For this, I do not need any security countermeasure. So, if there is a
>way to disable checks that require the public key, please tell! ;-)

should not be hard to find.

Ted
;)

On Tue, Jan 10, 2006, Emmanuel Lepavec wrote:
> For this, I do not need any security countermeasure. So, if there is a
> way to disable checks that requires the public key, please tell! ;-)

I've done a quick check setting rsa->e to NULL in rsautl and it seems to work just fine: the security checks aren't performed if 'e' is NULL. That's using the -sign option which goes through RSA_private_encrypt().

What made you think this function returned -1?

You can't load a private key using PEM_read_bio_RSAPrivateKey() unless all components are present but that's because they are all mandatory fields in the RSAPrivateKey ASN1 definition. If you set the fields using some other method then that doesn't apply.

Steve.

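An added illustration of the behaviour described in the two replies from Steve above (not part of the original thread and not OpenSSL's code): a CRT private-key operation whose result is checked with the public exponent before it is returned, and which skips that check when 'e' is absent. The key is a toy constructed for this example, and the names toy_rsa, private_op, inject_fault and fell_back are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy key constructed for this example (p=61, q=53); far too small for real use.
 * e == 0 stands in for the thread's "rsa->e is NULL". */
typedef struct { uint64_t n, e, d, p, q, dmp1, dmq1, iqmp; } toy_rsa;
static const toy_rsa TOY_KEY = { 3233, 17, 2753, 61, 53, 53, 49, 38 };

/* Square-and-multiply modular exponentiation; operands stay below 2^32. */
static uint64_t modpow(uint64_t b, uint64_t x, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; x; x >>= 1, b = b * b % m)
        if (x & 1) r = r * b % m;
    return r;
}

/* CRT private-key operation. inject_fault flips one bit of the mod-p half to
 * model a miscalculation. *fell_back is set to 1 when the public-key check
 * rejected the CRT result and the value was recomputed as m^d mod n. */
static uint64_t private_op(const toy_rsa *k, uint64_t m, int inject_fault, int *fell_back)
{
    uint64_t sp = modpow(m, k->dmp1, k->p);
    uint64_t sq = modpow(m, k->dmq1, k->q);
    if (inject_fault) sp ^= 1;
    uint64_t h = k->iqmp * ((sp + k->p - sq % k->p) % k->p) % k->p;
    uint64_t s = sq + h * k->q;               /* Garner recombination */
    *fell_back = 0;
    if (k->e != 0 && modpow(s, k->e, k->n) != m % k->n) {
        s = modpow(m, k->d, k->n);            /* do not release the bad value */
        *fell_back = 1;
    }
    return s;
}

int main(void)
{
    int fb;
    toy_rsa no_e = TOY_KEY;
    no_e.e = 0;
    uint64_t s = private_op(&TOY_KEY, 65, 1, &fb);
    printf("e present: s=%llu fell_back=%d\n", (unsigned long long)s, fb);
    s = private_op(&no_e, 65, 1, &fb);
    printf("e absent:  s=%llu fell_back=%d\n", (unsigned long long)s, fb);
    return 0;
}
```

With 'e' present the miscalculated CRT value never leaves the function; with 'e' absent the same miscalculation is returned unchecked, which is the trade-off of running the private operation without the public exponent.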
Dr. Stephen Henson wrote:
> I've done a quick check setting rsa->e to NULL in rsautl and it seems to work
> just fine: the security checks aren't performed if 'e' is NULL. That's using
> the -sign option which goes through RSA_private_encrypt().
>
> What made you think this function returned -1?
>
> You can't load a private key using PEM_read_bio_RSAPrivateKey() unless all
> components are present but that's because they are all mandatory fields in the
> RSAPrivateKey ASN1 definition. If you set the fields using some other method
> then that doesn't apply.

RSA_private_encrypt() returned -1 when not passing 'e' to the RSA structure. (note that I set the other fields using simple assign as done in the sample C test file included with source distribution).

As for hacking myself through the RSA code, I looked at the OpenSSL source RSA_private_encrypt() but I do not understand the source code since this is a function pointer that seems to be never initialized (it must be implicitly initialized somewhere but I cannot find where...).

But, anyway, using BN/modexp functions I coded myself an RSA CRT Private encrypt/decrypt operation that does the job and I use the public key method for RSA STD Private Keys operation and it seems to work well.

On Thu, Jan 12, 2006, Emmanuel Lepavec wrote:
> Actually, I'm using libcrypto programmatically so I know for sure that
> RSA_private_encrypt() returned -1 when not passing 'e' to the RSA
> structure. (note that I set the other fields using simple assign as done
> in the sample C test file included with source distribution).

Well that's odd: I set the rsa->e field to NULL in the rsautl utility and it worked just fine with the -sign operation.

Did you check the error it returned?

Steve.