Wade L. Scholine wrote:
> I have an application where I want to encrypt a small (15 octets) plaintext
> to a ciphertext of the same size. I was trying to do this with a 120-bit
> modulus and calling RSA_private_encrypt() with RSA_NO_PADDING, but some

I guess you know that a 120-bit modulus is not really secure :-)

> values of the plaintext cause RSA_R_DATA_TOO_LARGE_FOR_MODULUS.
>
> It does not appear that RSA_eay_private_encrypt() (which is where my
> encryption is winding up) enforces the requirement in PKCS1, that the
> length of the plaintext be not more than k-11 octets where k is the length
> of the modulus. Nor (when padding is RSA_NO_PADDING) does it appear to be
> trying to enforce the PKCS1 requirements for encryption block formatting,
> where the block header has a block type octet and padding string.

Hmm, the error message "RSA_R_DATA_TOO_LARGE_FOR_MODULUS"
is triggered by:

        ... (from RSA_eay_private_encrypt() in rsa_eay.c)
        if (BN_ucmp(&f, rsa->n) >= 0)
                        {       
                        /* usually the padding functions would catch this */
                        RSAerr(...,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                        goto err;
                        }
        ...
=> the error message has nothing to do with PKCS#1. It should tell you
that your plaintext (as a BIGNUM) is greater than (or equal to) the modulus.
The typical error message in case of a PKCS#1 error (in your case) would
be "RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE".

> I can arrange for the plaintext to be a little smaller: 14 octets is
> definitely doable. (The 15 octet length for the ciphertext I can't exceed.)
> If I arrange for the plaintext to be a zero followed by 14 octets of data,
> can I make this work?

It should work (but what about a longer (== more secure) key?)

Regards,
Nils

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
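
The comparison quoted from rsa_eay.c, reproduced as an added example that is not part of the original message and is not OpenSSL code: it builds a toy 120-bit key at run time (constructed values, hypothetical function names) and applies the same "plaintext as an integer must be below the modulus" test to 15-octet blocks. Since a 120-bit modulus is at least 2^119, a block whose first octet is zero is always below it, while a block of all 0xff octets is not.

```python
# Added illustration (not OpenSSL code): raw RSA on a toy 120-bit modulus.
E = 65537
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prev_prime(n):
    """Largest prime p < n with p - 1 coprime to E (so E is invertible)."""
    n -= 1
    while not is_prime(n) or (n - 1) % E == 0:
        n -= 1
    return n

# Constructed demo key: two 60-bit primes just below 2**60.
P = prev_prime(2**60)
Q = prev_prime(P)
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in octets (15)

def raw_private_encrypt(block):
    """No-padding private-key operation on exactly K octets."""
    if len(block) != K:
        raise ValueError("block must be exactly K octets")
    f = int.from_bytes(block, "big")
    if f >= N:                         # same test as BN_ucmp(&f, rsa->n) >= 0
        raise ValueError("data too large for modulus")
    return pow(f, D, N).to_bytes(K, "big")

def raw_public_decrypt(block):
    """Inverse operation with the public exponent."""
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")
```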
