[EMAIL PROTECTED] - Tue Dec 9 14:51:37 2003]: > Hello: > Actually, this is more of a question than a request for enhancement. > Does > OpenSSL's crypto support crippled PKCS#1 encoded private keys? > Crippled PKCS#1 encoded keys are keys that don't have all the PKCS#1 > components. I have keys that contain only the modulus, and the public > and > the private exponents. They do not contain the primes and the CRT > exponents and coefficient. When I try to use these keys I get a > "divide > by zero" error from OpenSSL, raising the suspission that OpenSSL does > not > support crippled private keys. Can you please confirm this?
There is code which tests this case and bypasses the CRT code if some or all of the CRT components aren't present in the RSA structure. By not present that means they are set to NULL in the structure: you wont be able to do that with a standard PEM RSAPrivateKey structure, you'd need to fill in the RSA structure "manually". If the relevant fields are just zero in the PKCS#1 RSAPrivateKey encoding then that's a violation of the standard and it may well cause an exception. You can always calculate the CRT components using various techniques. That's generally a good idea since you get much better performance that way. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
