Encryption not possible with RSA private key??


Emmanuel Lepavec
Concerning the function: int RSA_private_encrypt(...);

This function returns "-1" when the public exponent "e" is NULL. But, as
far as I know, the RSA encryption with the private key only needs:
  - public modulus "n" and
  - private exponent "d"
to be mentioned in the RSA structure.

Is the RSA_private_encrypt not supported?

I saw the same behavior with a CRT private key. I don't understand why
the public exponent "e" must be mentioned.
Can you explain this behavior to me?

Thanks in advance.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Encryption not possible with RSA private key??

Victor Duchovni
On Mon, Jan 09, 2006 at 01:57:46PM +0100, Emmanuel Lepavec wrote:

> Concerning the function: int RSA_private_encrypt(...);
>
> This function returns "-1" when the public exponent "e" is NULL. But, as
> far as I know, the RSA encryption with the private key only needs:
>   - public modulus "n" and
>   - private exponent "d"
> to be mentioned in the RSA structure.
>
> Is the RSA_private_encrypt not supported?
>

The private key is for signing and decryption, the public key is for
signature verification and encryption... Do not encrypt/decrypt arbitrary
data with RSA (only suitable message digests, session keys, and other
standard uses).

--
        Viktor.

Re: Encryption not possible with RSA private key??

Emmanuel Lepavec
Victor Duchovni wrote:
>
> The private key is for signing and decryption, the public key is for
> signature verification and encryption... Do not encrypt/decrypt arbitrary
> data with RSA (only suitable message digests, session keys, and other
> standard uses).
>
Thanks for your answer.
But why does the RSA_private_encrypt(...) function exist?

The problem is that, even though it is not standard use, I *need* to do
encryption with the Private Key.

Even though I think I may be able to have a workaround by using the
public key encryption method for standard private key, I don't know how
to proceed with private CRT key without handmade calculation.

Any helping tips for this issue?

Re: Encryption not possible with RSA private key??

Victor Duchovni
On Mon, Jan 09, 2006 at 04:23:54PM +0100, Emmanuel Lepavec wrote:

> The problem is that, even though it is not standard use, I *need* to do
> encryption with the Private Key.

Why? Anyone can use the public key to decrypt such a message, so
this cannot be used to keep the message confidential, rather such an
operation is really a signing operation, and you should be using a
signing primitive.

Please explain the real problem you are solving...

--
        Viktor.

Re: Encryption not possible with RSA private key??

Bernhard Fröhlich-2
In reply to this post by Emmanuel Lepavec
Emmanuel Lepavec wrote:

>Victor Duchovni wrote:
>  
>
>>The private key is for signing and decryption, the public key is for
>>signature verification and encryption... Do not encrypt/decrypt arbitrary
>>data with RSA (only suitable message digests, session keys, and other
>>standard uses).
>>
>>    
>>
>Thanks for your answer.
>But why does the RSA_private_encrypt(...) function exist?
>  
>
You use RSA_private_encrypt(...) on the message's digest to generate a
signature. The result can be decrypted with the public_decrypt-function
if you have the public part.

>The problem is that, even though it is not standard use, I *need* to do
>encryption with the Private Key.
>  
>
If you could detail your intended use it may be clearer for me why you
want to do that.
Remember that it's very easy to do wrong things in cryptographic
applications, so I'm always a bit suspicious if someone has a "non
standard use"... ;)

>[...]
>  
>
Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



Re: Encryption not possible with RSA private key??

Dr. Stephen Henson
In reply to this post by Emmanuel Lepavec
On Mon, Jan 09, 2006, Emmanuel Lepavec wrote:

> Concerning the function: int RSA_private_encrypt(...);
>
> This function returns "-1" when the public exponent "e" is NULL. But, as
> far as I know, the RSA encryption with the private key only needs:
>   - public modulus "n" and
>   - private exponent "d"
> to be mentioned in the RSA structure.
>
> Is the RSA_private_encrypt not supported?
>
> I saw the same behavior with a CRT private key. I don't understand why
> the public exponent "e" must be mentioned.
> Can you explain this behavior to me?
>

The private key operations check that the operation is successful by
performing a public key operation. This requires the value of the public
exponent "e".

This check is there to avoid certain types of attack.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: Encryption not possible with RSA private key??

Emmanuel Lepavec
In reply to this post by Bernhard Fröhlich-2
Bernhard Froehlich wrote:
>>
> If you could detail your intended use it may be clearer for me why you
> want to do that.
> Remember that it's very easy to do wrong things in cryptographic
> applications, so I'm always a bit suspicious if someone has a "non
> standard use"... ;)
>
Actually, I do not use OpenSSL in a concrete application. I use it as a
trusted Oracle for testing my own implementation. And, for complete
testing, I need to be able to perform every private key operation with
the minimum of available information (i.e. without public key info). It
includes "non standard" operation such as encryption.

For this, I do not need any security countermeasure. So, if there is a
way to disable checks that require the public key, please tell! ;-)

Re: Encryption not possible with RSA private key??

Bernhard Fröhlich-2
Emmanuel Lepavec wrote:

>Bernhard Froehlich wrote:
>  
>
>>If you could detail your intended use it may be clearer for me why you
>>want to do that.
>>Remember that it's very easy to do wrong things in cryptographic
>>applications, so I'm always a bit suspicious if someone has a "non
>>standard use"... ;)
>>
>>    
>>
>Actually, I do not use OpenSSL in a concrete application. I use it as a
>trusted Oracle for testing my own implementation. And, for complete
>testing, I need to be able to perform every private key operation with
>the minimum of available information (i.e. without public key info). It
>includes "non standard" operation such as encryption.
>
>For this, I do not need any security countermeasure. So, if there is a
>way to disable checks that require the public key, please tell! ;-)
>  
>
How about hacking the code? I have not analyzed this particular function
but if it really is just because of a security check like Steve said it
should not be hard to find.

Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



Re: Encryption not possible with RSA private key??

Dr. Stephen Henson
In reply to this post by Emmanuel Lepavec
On Tue, Jan 10, 2006, Emmanuel Lepavec wrote:

>
> For this, I do not need any security countermeasure. So, if there is a
> way to disable checks that require the public key, please tell! ;-)

I've done a quick check setting rsa->e to NULL in rsautl and it seems to work
just fine: the security checks aren't performed if 'e' is NULL. That's using
the -sign option which goes through RSA_private_encrypt().

What made you think this function returned -1?

You can't load a private key using PEM_read_bio_RSAPrivateKey() unless all
components are present but that's because they are all mandatory fields in the
RSAPrivateKey ASN1 definition. If you set the fields using some other method
then that doesn't apply.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
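
Added example (not part of the thread and not OpenSSL's code): a toy CRT private-key operation that re-applies the public exponent before releasing its result, the kind of check described in the replies above, and skips it when "e" is absent. The key (p=61, q=53), the `fault` parameter and all function names are constructed for illustration; refusing on a mismatch is this sketch's own policy, not a statement about what libcrypto does.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key (p=61, q=53); e == 0 stands in for rsa->e == NULL. */
typedef struct { uint64_t n, e, p, q, dp, dq, qinv; } toy_key;
static const toy_key TOY = { 3233, 17, 61, 53, 53, 49, 38 };

static uint64_t modexp(uint64_t b, uint64_t x, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; x; x >>= 1, b = b * b % m)
        if (x & 1) r = r * b % m;
    return r;
}

/* CRT private-key operation. `fault` is added to the mod-p half to simulate
 * a miscomputation (0 = none). Returns 0 on success, -1 if refused. */
static int toy_private_op(const toy_key *k, uint64_t in, uint64_t fault,
                          uint64_t *out)
{
    if (in >= k->n) return -1;
    uint64_t m1 = (modexp(in, k->dp, k->p) + fault) % k->p;
    uint64_t m2 = modexp(in, k->dq, k->q);
    uint64_t h  = k->qinv * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    uint64_t s  = m2 + h * k->q;
    /* Self-check: undo the result with the public exponent before
     * releasing it. This is only possible when e is known. */
    if (k->e != 0 && modexp(s, k->e, k->n) != in) return -1;
    *out = s;
    return 0;
}

/* 1 = correct result released, 0 = wrong result released, -1 = refused. */
static int demo_case(uint64_t e, uint64_t fault)
{
    toy_key k = TOY;
    uint64_t s = 0;
    k.e = e;
    if (toy_private_op(&k, 65, fault, &s) != 0) return -1;
    return modexp(s, TOY.e, TOY.n) == 65;
}

int main(void)
{
    printf("e set,   no fault: %d\n", demo_case(17, 0));
    printf("e set,   fault:    %d\n", demo_case(17, 1));
    printf("e unset, no fault: %d\n", demo_case(0, 0));
    printf("e unset, fault:    %d\n", demo_case(0, 1));
    return 0;
}
```

With "e" unset the operation still works, as reported above, but a miscomputed result is released unchecked.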

Re: Encryption not possible with RSA private key??

Emmanuel Lepavec
Dr. Stephen Henson wrote:

>
> I've done a quick check setting rsa->e to NULL in rsautl and it seems to work
> just fine: the security checks aren't performed if 'e' is NULL. That's using
> the -sign option which goes through RSA_private_encrypt().
>
> What made you think this function returned -1?
>
> You can't load a private key using PEM_read_bio_RSAPrivateKey() unless all
> components are present but that's because they are all mandatory fields in the
> RSAPrivateKey ASN1 definition. If you set the fields using some other method
> then that doesn't apply.
>
Actually, I'm using libcrypto programmatically so I know for sure that
RSA_private_encrypt() returned -1 when not passing 'e' to the RSA
structure. (note that I set the other fields using simple assign as done
in the sample C test file included with source distribution).

As for hacking myself through the RSA code, I looked at the OpenSSL
source RSA_private_encrypt() but I do not understand the source code
since this is a function pointer that seems to be never initialized (it
must be implicitly initialized somewhere but I cannot find where...).

But, anyway, using BN/modexp functions I coded myself an RSA CRT Private
encrypt/decrypt operation that does the job and I use the public key
method for RSA STD Private Keys operation and it seems to work well.



Re: Encryption not possible with RSA private key??

Dr. Stephen Henson
On Thu, Jan 12, 2006, Emmanuel Lepavec wrote:

> Actually, I'm using libcrypto programmatically so I know for sure that
> RSA_private_encrypt() returned -1 when not passing 'e' to the RSA
> structure. (note that I set the other fields using simple assign as done
> in the sample C test file included with source distribution).
>

Well that's odd: I set the rsa->e field to NULL in the rsautl utility and it
worked just fine with the -sign operation.

Did you check the error it returned?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk