Eric Gilbertson wrote:
>
> Hello Again:
>
> Can anyone tell me what the purpose of the RSA_public_decrypt()/
> RSA_private_encrypt() pair calls that are used in the SSL3 key
> change protocol is? Since they are operating on digested data
> it appears that they are used to implement signing? If that is the
> case why not do this directly using sign and verify calls?
> Also, is it correct that this operation is being performed using the
> actual SSL cert key pair and not the ephemeral key that is subsequently
> exchanged? Assuming I've got this all straight then it appears to
> be impossible to implement this algorithm using PKCS11 devices since
> they do not allow "reverse" operations on public keys.
>
OpenSSL 0.9.5 does call RSA_sign() or RSA_verify() instead of
RSA_public_decrypt() and RSA_private_encrypt() and there are also
callbacks in RSA_METHOD especially for this.
BTW PKCS#11 can do the same as RSA_public_decrypt() with
C_VerifyRecover().
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]