Sorry if this sounds ultra noobish but you guys lost me, even though you probably did answer my question ;)
The purpose of my application is to send a credit card number in encrypted format. So the parent company's web service issues me an X509 certificate which contains their public RSA key. I extract the RSA public key from the X509 certificate and use that to encrypt the credit card number using RSA_public_encrypt with RSA_PKCS1_PADDING. I thought that would be the end of it but it turns out that I needed to add 16 bytes to the beginning of the raw data before encryption. Then it all works.

So as a noob, I just wanted to know if that is the correct requirement of RSA or a requirement of my parent company's web service only?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Sierchio
Sent: 17 September 2008 22:48
To: openssl-users@openssl.org
Subject: Re: Do you have to pre-pend 16 bytes to a raw value before RSA encryption

Kenneth Goldman wrote:
> What padding are you specifying? I suspect that you are specifying
> no padding, in which case the size of the input must be the same
> as the size of the key.

No. The input is the same size as the *modulus*. When used in encryption the recommended approach for RSA is to pad every block, and not to encrypt MODULUS-SIZE bytes of plaintext. There are very good reasons for this which will not be obvious to all readers of this thread, but you would want to use OAEP (Optimal Asymmetric Encryption Padding) if you are doing something other than signing (e.g. using RSA to encrypt a session key).

If the OP means what he says, which is *signing* a public key (the purpose of which is entirely unclear to me), then the plaintext will be the hash of the pubkey, right? In which case the padding will have to be sufficient to fill the remaining RSA block size, whatever that is.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
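Added example, not part of the thread and not OpenSSL's own code: plain C showing the block layout that PKCS#1 v1.5 encryption padding (the scheme RSA_PKCS1_PADDING selects, EME-PKCS1-v1_5 in RFC 8017) builds around the caller's data, and the per-block plaintext limits for the padding modes discussed in the thread. The names `max_plaintext`, `eme_pkcs1_v15_encode` and `nonzero_random`, and the sample card number, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pad_mode { PAD_NONE, PAD_PKCS1_V15, PAD_OAEP_SHA1 };

/* Largest plaintext in bytes for one RSA block; k is the modulus size in bytes. */
long max_plaintext(size_t k, enum pad_mode mode) {
    switch (mode) {
    case PAD_NONE:      return (long)k;          /* input must be exactly k bytes */
    case PAD_PKCS1_V15: return (long)k - 11;     /* 00 02, at least 8 PS bytes, 00 */
    case PAD_OAEP_SHA1: return (long)k - 2 * 20 - 2; /* k - 2*hLen - 2, hLen = 20 */
    }
    return -1;
}

/* Fill buf with n nonzero random bytes from /dev/urandom; 0 on success. */
static int nonzero_random(unsigned char *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    for (size_t i = 0; i < n; ) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if (c != 0) buf[i++] = (unsigned char)c;  /* PS may not contain 0x00 */
    }
    fclose(f);
    return 0;
}

/* EME-PKCS1-v1_5 encoding: EM = 00 || 02 || PS || 00 || M, with |EM| = k.
 * Returns 0 on success, -1 if M does not fit a k-byte modulus. */
int eme_pkcs1_v15_encode(unsigned char *em, size_t k,
                         const unsigned char *msg, size_t mlen) {
    if (k < 11 || mlen > k - 11) return -1;
    size_t pslen = k - mlen - 3;                  /* random filler, >= 8 bytes */
    em[0] = 0x00;
    em[1] = 0x02;
    if (nonzero_random(em + 2, pslen) != 0) return -1;
    em[2 + pslen] = 0x00;                         /* separator before the data */
    memcpy(em + 3 + pslen, msg, mlen);
    return 0;
}

int main(void) {
    const unsigned char card[] = "0000111122223333"; /* constructed sample value */
    unsigned char em[256];                           /* 2048-bit modulus, k = 256 */
    if (eme_pkcs1_v15_encode(em, sizeof em, card, 16) != 0) return 1;
    printf("PS bytes: %zu, v1.5 limit: %ld, OAEP-SHA1 limit: %ld\n",
           sizeof em - 16 - 3, max_plaintext(sizeof em, PAD_PKCS1_V15),
           max_plaintext(sizeof em, PAD_OAEP_SHA1));
    return 0;
}
```

The random filler and the 00 02 header are produced by the padding step itself; the caller's data sits unchanged at the end of the block.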