Mark Corner wrote:
> 
> I am attempting to port a program I wrote using openssl to a Win CE device.
> 
> I realize that openssl has not been ported to CE as of yet (in particular
> PocketPC, ARM, IPAQ).  I really only needed the RSA bit so I tried writing a
> shim between the openssl calls that I needed and the Microsoft (gasp!)
> Crypto API.  I am not much of a windows person and I seem to have hit a
> brick wall.  Although this is not really an openssl problem it possibly
> deals with interoperability between them...
> 
> Down to specifics:
> 
> So I have gotten to the point where my windows code can encrypt and decrypt
> RSA messages by itself.  Obviously the code that uses openssl works
> correctly as well.  However if I encrypt a message and then send it to the
> windows device it is unable to decrypt it.  At this point my best guess is
> the padding, or endianness, but I may be wrong.  The CAPI docs don't make it
> clear what kind of padding they used, however a google search turns up this:
> 
> http://msdn.microsoft.com/library/psdk/crypto/cryptoref1_6tbo.htm
> 
> Which doesn't appear to be part of the actual MSDN docs since you can't get
> to that page from the root msdn pages.  I am not sure if it is some sort of
> advanced doc or what.  That document indicates that they are using PKCS #1,
> type 2.  This is probably correct since that is what most people used until
> OAEP.  I haven't come up with a method of verifying this.
> 
> As for endianness...  The IPaQ is a little endian machine evidently.  CAPI
> seems to want/give everything in little endian.  My understanding is that
> openssl uses all bignums in big endian.  Correct me if I am wrong.
> 
> The questions are:  Am I duplicating work?  Is there a better way?  What
> might I be doing wrong?
> 

I haven't actually tried encryption using an iPAQ, WinCE and CryptoAPI.
However, on PC-based CryptoAPI it does interop with OpenSSL. It does use
PKCS#1 type 2 blocks and it does use little endian for everything.

According to the MS docs, direct RSA encryption only works with PCs using
Win2K; however, I found it worked on any Win32 PC OS which has the
enhanced CSP installed, including an ancient Win95 version.

It might be an idea to see if your stuff works on PC CryptoAPI first
then worry about WinCE on the iPAQ later.

There's also some code which you should be able to use in my PVK utility
source which converts between RSA structures and CryptoAPI
PRIVATEKEYBLOBs.

There's nothing I can see obviously wrong with your code. I personally
wrote functions to convert between BIGNUMs and little endian buffers and
use BN_get_word()/BN_set_word() to handle the public exponent which
makes things a little clearer.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
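
The byte-order conversion discussed in this thread, as an added example that is not part of the original messages or of the PVK utility: plain C helpers that convert between the big-endian byte strings OpenSSL produces and the fixed-width little-endian fields CryptoAPI uses. The function names are hypothetical and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Reverse in place. RSA ciphertext is always modulus-length, so moving it
 * between OpenSSL (big-endian) and CryptoAPI (little-endian, per the thread)
 * is a plain reversal of the whole buffer. */
void reverse_bytes(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len / 2; i++) {
        unsigned char t = buf[i];
        buf[i] = buf[len - 1 - i];
        buf[len - 1 - i] = t;
    }
}

/* Big-endian magnitude (as BN_bn2bin() writes it) -> little-endian field of
 * fixed width, zero-padded at the high end. Returns 0, or -1 if too large. */
int be_to_le_fixed(const unsigned char *be, size_t be_len,
                   unsigned char *le, size_t le_len)
{
    while (be_len > 0 && be[0] == 0) { be++; be_len--; }  /* drop leading zeros */
    if (be_len > le_len) return -1;
    memset(le, 0, le_len);
    for (size_t i = 0; i < be_len; i++)
        le[i] = be[be_len - 1 - i];
    return 0;
}

/* Little-endian field -> minimal big-endian magnitude (input for BN_bin2bn()).
 * Returns the number of bytes written, or -1 if the output buffer is too small. */
int le_to_be_min(const unsigned char *le, size_t le_len,
                 unsigned char *be, size_t be_cap)
{
    while (le_len > 0 && le[le_len - 1] == 0) le_len--;   /* drop high zeros */
    if (le_len > be_cap) return -1;
    for (size_t i = 0; i < le_len; i++)
        be[i] = le[le_len - 1 - i];
    return (int)le_len;
}

int main(void)
{
    /* Constructed sample: value 0x123456 with a stray leading zero byte. */
    const unsigned char be[] = { 0x00, 0x12, 0x34, 0x56 };
    unsigned char le[4], back[4];
    if (be_to_le_fixed(be, sizeof be, le, sizeof le) != 0) return 1;
    int n = le_to_be_min(le, sizeof le, back, sizeof back);
    printf("LE field: %02x %02x %02x %02x, round trip: %d bytes\n",
           le[0], le[1], le[2], le[3], n);
    return 0;
}
```

The fixed-width variant matters for key blob fields, where a value shorter than the field must be padded at the high (last) end rather than shifted.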
