Question about RSA CRT private key operation


Jerry Lui
Hi,

While implementing my application with RSA, I came across this paper: https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf

When I implement the RSA private key operation with CRT, should I do the extra verify operation suggested in the paper (section 1.3)? Or is this handled by OpenSSL already? (More specifically in versions 1.0.2, 1.1.0, and 1.1.1)

i.e. When I'm doing RSA CRT private key operation:
- Is calling RSA_private_encrypt() sufficient?
OR
- Should I call RSA_private_encrypt() to get the cipher text, pass the cipher text to RSA_public_decrypt() (without using CRT), and return the cipher text only if decrypt(encrypt(original_text)) matches the original text?

Thanks
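
The verify-before-release check the question refers to, as an added example that is not part of the original post and is not OpenSSL's code: a toy CRT private-key operation whose result is checked with the public exponent and recomputed without CRT on mismatch. The key (n = 61 * 53), the `fault_mask` hook and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key (n = 61 * 53), for illustration only; real keys are 2048+ bits. */
typedef struct { uint64_t n, e, d, p, q, dp, dq, qinv; } toy_key;
static const toy_key KEY = { 3233, 17, 2753, 61, 53, 53, 49, 38 };

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* CRT private-key operation. fault_mask (hypothetical test hook) is XORed into
 * the mod-p half to simulate a miscomputation; 0 means no fault. */
static uint64_t crt_private(const toy_key *k, uint64_t m, uint64_t fault_mask) {
    uint64_t sp = (modpow(m, k->dp, k->p) ^ fault_mask) % k->p;
    uint64_t sq = modpow(m, k->dq, k->q);
    uint64_t h = k->qinv * ((sp + k->p - sq % k->p) % k->p) % k->p;
    return sq + h * k->q;   /* Garner recombination */
}

/* Release a result only after it verifies under the public key (s^e mod n == m).
 * On mismatch, discard the CRT output and recompute without CRT.
 * Returns 0 on success, -1 if nothing verifiable could be produced. */
static int private_checked(const toy_key *k, uint64_t m, uint64_t fault_mask,
                           uint64_t *out, int *used_fallback) {
    uint64_t s = crt_private(k, m, fault_mask);
    *used_fallback = 0;
    if (modpow(s, k->e, k->n) != m) {
        *used_fallback = 1;
        s = modpow(m, k->d, k->n);          /* plain, slower exponentiation */
        if (modpow(s, k->e, k->n) != m) return -1;
    }
    *out = s;
    return 0;
}

int main(void) {
    uint64_t s; int fb;
    int rc = private_checked(&KEY, 2790, 1, &s, &fb);  /* faulted CRT half */
    printf("rc=%d s=%llu fallback=%d\n", rc, (unsigned long long)s, fb);
    return 0;
}
```

The check costs one public-exponent exponentiation per private-key operation, which is cheap when e is small.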