Re: Question about EVP_PKEY_decrypt() with 4K RSA key

Wed, 13 Jun 2012 05:27:36 -0700 

Hi.

Here is a result on my Cygwin + OpenSSL "1.0.1c 10 May 2012"

Reading keys...keys are ready.
Encrytion/decryption with RSA-based function is OK.
Encrytion/decryption with EVP-based function is OK.
Signature chek is OK.

It seems it works fine.


Best regards,

Andrey Koltsov


13.06.2012 15:51, Oleksiy Lukin написал:

Hi, openssl hackers!

I wrote little program that demonstrates problem, see attached file.
It's a bit long but it shows that only EVP_PKEY_decrypt() fails with 4K
keys. Rest of functions are just fine.

See evp_decrypt_with_pvtk() function for failure.

06.06.12 05:40, Dave Thompson написав(ла):

From: owner-openssl-us...@openssl.org On Behalf Of Oleksiy Lukin
Sent: Tuesday, 05 June, 2012 03:59
I have problem with  EVP_PKEY_decrypt() function and 4K RSA
private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.


Are you counting bits (as is conventional) or bytes/octets?

Bits, sure.

EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT! RSA_private_decrypt() works just fine with
this key and
successfully decrypts data encrypted by EVP_PKEY_encrypt()! Sign and
verify operations works fine with EVP_PKEY_sign() and
EVP_PKEY_verify()
with the same keys.

I use openssl 1.0.1c.

The questions are:

1. Is there some meaningful limitation coded into EVP_PKEY_decrypt()
that does not allow decrypt operation?

Not that I see, and 1c works for me with a 4kbit RSA key.

There is a limit in the *RSA* module to 16kbit in all cases, and a
smaller limit on publickey operations *not* using a small exponent.
Both these limits apply whether used through EVP or directly, and
RSA keys generated by OpenSSL (always?) have small exponents.


2. If no such limitations, how I can make it work with 4K RSA keys?


No idea. Try to produce a minimal test program that fails and post it.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to