Not all values that fit into a 128-byte buffer can be encrypted/decrypted.
RSA doesn't treat the message merely as a buffer, but rather as a big
number.  The integer value of the message must be less than the integer
value of the modulus.  This is why PKCS#1 padding uses leading values of
0x00, 0x01, and 0x02: to force the message to be less than the modulus.

Padding is necessary for the resulting encrypted block to be less prone to
attack.  If you really don't want to use padding, perhaps you should limit
the message length to 127 bytes and prepend a 0x00.
--
Steven Reddie <[EMAIL PROTECTED]>
Senior Software Engineer
OpenDirectory Lab, Computer Associates Pty Ltd (Australia)

> -----Original Message-----
> From: Noam Ben-Yochanan [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, October 16, 2000 6:00 AM
> To:   [EMAIL PROTECTED]
> Subject:      RSA_private_decrypt produces garbage, sometimes
> 
> Hi all,
> 
>   I wrote a program which generates an RSA key pair using
> RSA_generate_key(), then I store the private and public keys in buffers
> using i2d_RSAPublicKey() and i2d_RSAPrivateKey(). I later use the
> d2i_RSAPublicKey()/d2i_RSAPrivateKey() to reproduce the keys for
> encryption and decryption - using
> RSA_private_encrypt()/RSA_public_decrypt and
> RSA_public_encrypt()/RSA_private_decrypt() - with RSA_NO_PADDING to
> encrypt/decrypt blocks of 128 bytes with 1024 bit keys.
> 
>   This works fine, except sometimes it doesn't. Given the same key, 2
> buffers which are the same except for the first byte will produce
> completely different results on decryption. One will produce a perfect
> cleartext and the other will produce complete garbage. There are usually
> value ranges (per key) for the 1st byte for which the decryption will
> work perfectly, and the rest of the values give garbage.
> 
> Does anyone have an idea what I could be doing wrong?
> 
> Thanks in advance,
> 
> Noam
> --
> Noam Ben-Yochanan
> Technologies Team Leader
> Whale Communications Ltd.
> 
> Phone:  +972-3-9031101 (Ext 319)
> Fax: +972-3-9031102
> E-mail: [EMAIL PROTECTED]
> http://www.whale-com.com
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
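
The range rule from the reply above, as an added example that is not part of the original thread and is not OpenSSL code: plain Python integers stand in for unpadded RSA on 128-byte blocks. The key is a constructed, insecure toy modulus (a product of Mersenne primes, top byte 0x3F), and all function names are hypothetical.

```python
# Constructed toy key (insecure, demonstration only): the product of distinct
# Mersenne primes is a 1022-bit modulus, so blocks are 128 bytes as in the thread.
PRIMES = [(1 << k) - 1 for k in (607, 127, 107, 89, 61, 31)]
N, PHI = 1, 1
for p in PRIMES:
    N, PHI = N * p, PHI * (p - 1)
E = 65537
D = pow(E, -1, PHI)  # private exponent (needs Python 3.8+)
BLOCK = 128


def raw_rsa(buf: bytes, exponent: int) -> bytes:
    """Unpadded RSA on one block; no range check, so inputs >= N wrap mod N."""
    if len(buf) != BLOCK:
        raise ValueError("block must be exactly 128 bytes")
    return pow(int.from_bytes(buf, "big"), exponent, N).to_bytes(BLOCK, "big")


def round_trips(buf: bytes) -> bool:
    """True when decrypt(encrypt(buf)) returns the original block."""
    return raw_rsa(raw_rsa(buf, E), D) == buf


def working_first_bytes(tail: bytes) -> list:
    """First-byte values for which first_byte + tail survives a round trip."""
    return [b for b in range(256) if round_trips(bytes([b]) + tail)]


def checked_encrypt(buf: bytes) -> bytes:
    """Same operation, but reject blocks whose integer value is not below N."""
    if int.from_bytes(buf, "big") >= N:
        raise ValueError("message integer must be less than the modulus")
    return raw_rsa(buf, E)


def zero_prefixed(msg: bytes) -> bytes:
    """The reply's workaround: 127 message bytes behind a leading 0x00."""
    if len(msg) != BLOCK - 1:
        raise ValueError("message must be exactly 127 bytes")
    return b"\x00" + msg


if __name__ == "__main__":
    print("top byte of N: 0x%02x" % N.to_bytes(BLOCK, "big")[0])
    ok = working_first_bytes(b"\x41" * 127)  # constructed sample tail
    print("first bytes that round-trip: 0x%02x..0x%02x" % (ok[0], ok[-1]))
    print("0x00-prefixed worst case:", round_trips(zero_prefixed(b"\xff" * 127)))
```

The cut-off for the first byte follows the top byte of the modulus, and whether the boundary value itself works depends on the bytes after it.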
