Hello,
> > That means, that padding didn't solve the problem of
> > known-plaintext-, chosen-plaintext-, chosen-cyphertext- or
> > adaptive-chosen-plaintext-attacks? What about OAEP padding?
> 
> Can I use the public key as secret key and backwards? Then I can
> use OAEP for "signing" with the secret public key :-) and use the
> public secret key in Linux-PAM for "verify the signature". The
> advantage therefor is that I can use OAEP random(?) padding to get
> of the _same_ plaintext different chiffertexts.
If you want to use OAEP in signing then you can first add OAEP
to your data with RSA_padding_add_PKCS1_OAEP() and next use
RSA_private_encrypt() with padding flag equal to RSA_NO_PADDING.
When verifying you first call  RSA_public_decrypt() with
padding flag equal to RSA_NO_PADDING and next remove OAEP
padding with RSA_padding_check_PKCS1_OAEP() to get real data.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to