Re: RSA library and block size

Marek Marcola Wed, 06 Jun 2007 16:44:13 -0700

Hello,
> > But this padding only adds in front of DigestInfo known block and
> 
> > you get something like that:
> >   0x0001FFFF.....FF00DigestInfo
> > and this is encrypted with private key.
> > As you see, there is no random information in this case.
> 
> That means, that padding didn't solve the problem of
> known-plaintext-, chosen-plaintext-, chosen-cyphertext- or
> adaptive-chosen-plaintext-attacks? What about OAEP padding?
> 
> In my point of view, if I use padding (e.g. PKCS#1 v1.5) every
> chiffertext of the _same_ plaintext looks _different_?!?!
When you encrypt whth RSA public key and PKCS padding this
works this way, for example:


$ openssl genrsa -out key.pem 256
Generating RSA private key, 256 bit long modulus
.......+++++++++++++++++++++++++++
......+++++++++++++++++++++++++++
e is 65537 (0x10001)

$ echo hello word | openssl rsautl -encrypt -inkey key.pem -pkcs | od -x
0000000 903d 362f 2a68 6aa4 4eab fc3c a28a 3b64
0000020 f4b5 e130 3419 c7d4 49fb e1c4 ede4 d739

$ echo hello word | openssl rsautl -encrypt -inkey key.pem -pkcs | od -x
0000000 6a39 6239 a077 6447 7445 b892 80b0 bc38
0000020 0c96 2e90 9536 2a35 d578 a0ff 7216 aff6

so two encryption of the same text gives two different ciphertexts,
but if you encrypt with private key (sign):

$ echo hello word | openssl rsautl -sign -inkey key.pem -pkcs | od -x
0000000 e759 364f ea37 4e1f abd8 92ec 302e fba9
0000020 d9b4 993d 2f2e 4633 56da 0929 e029 bb5d

$ echo hello word | openssl rsautl -sign -inkey key.pem -pkcs | od -x
0000000 e759 364f ea37 4e1f abd8 92ec 302e fba9
0000020 d9b4 993d 2f2e 4633 56da 0929 e029 bb5d

you will get two identical ciphertexts.

We can check what exactly is signed (and how pkcs padding looks like)
with command:

$ echo hello word | openssl rsautl -sign -inkey key.pem -pkcs | \
        openssl rsautl -encrypt -inkey key.pem -raw | \
        od -x
0000000 0100 ffff ffff ffff ffff ffff ffff ffff
0000020 ffff ffff 6800 6c65 6f6c 7720 726f 0a64

or in character format:

$ echo hello word | openssl rsautl -sign -inkey key.pem -pkcs | \
        openssl rsautl -encrypt -inkey key.pem -raw | \
        od -c
0000000  \0 001 377 377 377 377 377 377 377 377 377 377 377 377 377 377
0000020 377 377 377 377  \0   h   e   l   l   o       w   o   r   d  \n

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Re: RSA library and block size

Reply via email to