Re: RSA_private_decrypt without e and d

Wed, 23 Feb 2011 23:30:54 -0800 

Hi Shaheed,
The OpenSSL error you are getting means that OpenSSL decrypted the ciphered text but couldn't find the PKCS1 padding byte. This means that the wrong CRT parameters were supplied. Usually this comes from the fact that the parameters p and q (and the corresponding dmp1, dmq1) must be swapped : p instead of q and q instead of p (same thing for dmp1 and dmq1). In order to check this, you can use a tool I have written and that enables you to recover e and d from these 5 parameters. You can get it from sourceForge using the following link : http://rsaconverter.sourceforge.net/ . Thanks to it, you can check that these 5 parameters give you the correct d and e. In your case, I'm sure you'll get the wrong d and e. Swap the parameters and see if you get the correct d this time. 

I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:



Just to be clear, below is not the actual code, but what I would 
**like** to be able to do (or something close).



*From:*owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Shaheed 
Bacchus (sbacchus)

*Sent:* Wednesday, February 23, 2011 9:47 PM
*To:* openssl-users@openssl.org
*Subject:* RSA_private_decrypt without e and d

Hi,


I have a situation where I have a message that has been encrypted via 
RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, 
dmq1, and iqmp components (I know it might sound odd that I don’t have 
the e and d components but that is the case). I’m trying to do 
something like:


If (!(new_key = RSA_new()))

return -1;

new_key->n = BN_bin2bn(n_data, n_data_len, NULL);

new_key->p = BN_bin2bn(p_data, p_data_len, NULL);

new_key->q = BN_bin2bn(q_data, q_data_len, NULL);

new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);

new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);

new_key->iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL);


resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted, 
decrypted, new_key, RSA_PKCS1_PADDING);


This decrypt fails with


error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type 
is not 02



Supplying the correct e and d component causes it work properly, but I 
will not have those under normal circumstances. Is there any way to do 
this without d and e?




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to