On Tue, 16 Dec 2008, BiGNoRm6969 wrote:
Ok. I am a little bit confused. You are telling me that a same data encrypted
with the same key can generate different results? How can the decryption
process can succeed ?!
Maybe it's my cryto knowledge that are limited, but I was sure that one
output correspond to one input.
Then it would be possible to guess plaintext from cryptogram. E.g. you
encrypt "OK". Attacker can also encrypt "OK" and then compare it with the
captured cryptogram. If they are same he knows that you sent "OK".
Plain RSA works like this. Thats why padding is applied to plaintext
before it is encrypted. Padding contains random data that the attacker
cannot guess, therefore you get different cryptograms for same plaintext
and attacker cannot perform its encrypt-and-compare attack.
The random data is removed during decryption. When you look at the
plaintext it seems that RSA encryption/decryption is deterministic, whilst
internally strong random numbers are utilized.
Of course the ratio of random/known plaintext must be sufficiently high.
Adding just one byte of random does not help much - attacker can create
256 cryptograms for OK and compare them all.
regards,
Arne
I run my tests couples of time and it always gives me the same output result
each times (meaning that the peuso-random generator always gives the same
number?).
You are probably right, but could you confirm me that my tests are made
correctly (using a longer array than the size passed to the encryption
function) ?
Dr. Stephen Henson wrote:
On Mon, Dec 15, 2008, BiGNoRm6969 wrote:
Hi, the OpenSSL documentation tells :
"RSA_public_encrypt() encrypts the flen bytes at from (usually a session
key) using the public key rsa and stores the ciphertext in to. to must
point
to RSA_size(rsa) bytes of memory. "
I made a test and I saw something strange. I used theses arrays for my
tests:
unsigned char* test1 = new unsigned char[5];
test1[0] = 'a';
test1[1] = 'b';
test1[2] = 'c';
test1[3] = 'd';
test1[4] = 'e';
unsigned char* test2 = new unsigned char[4];
test2[0] = 'a';
test2[1] = 'b';
test2[2] = 'c';
test2[3] = 'd';
Here is my test:
RSA_public_encrypt(4, test1, encryptedLine1, publicKey,
RSA_PKCS1_PADDING);
RSA_public_encrypt(4, test2, encryptedLine2, publicKey,
RSA_PKCS1_PADDING);
The two results (stored in encryptedLineX...) are not the same and I
don't
understand why. The first argument is not supposed to be the length (in
bytes) of the data to be encrypted ? So in the two cases, the encryption
is
not supposed to bo on caracter 1 to 4 !?
This is expected behaviour and is due to the nature of that padding mode.
It
includes some pseudo random data which is different on each invocation. So
even if you encrypt the same data using the same key you will get a
different
output each time.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
View this message in context:
http://www.nabble.com/RSA_public_encrypt%28%29-strange-result-output...-is-it-a-bug-%21--tp21022467p21032487.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
