Hello,

I think that if you have only p, q, dmp1, dmq1, iqmp and n = p*q (which is not too hard to calculate) you can decrypt a message with the OpenSSL API. No d and e.
In the attached file you have a small example. A private key is created there without e and d, and decryption succeeds. Before decryption you should disable RSA blinding if you do not have e in your private key. For example, if you comment out the line:

    RSA_blinding_off(rsa_priv);

then you will get a decryption error:

*** error:0408808C:rsa routines:RSA_setup_blinding:no public exponent
*** error:04065044:rsa routines:RSA_EAY_PRIVATE_DECRYPT:internal error

You can experiment.

Best regards,
--
Marek Marcola <marek.marc...@malkom.pl>

owner-openssl-us...@openssl.org wrote on 02/24/2011 10:30:17 PM:

> "Shaheed Bacchus (sbacchus)" <sbacc...@cisco.com>
> Sent by: owner-openssl-us...@openssl.org
>
> 02/24/2011 10:32 PM
>
> Please respond to
> openssl-users@openssl.org
>
> To
> <openssl-users@openssl.org>
>
> cc
>
> Subject
> RE: RSA_private_decrypt without e and d
>
> Hi Marek,
> My understanding was that while it's mathematically possible, from an
> OpenSSL API perspective there is no way to do it. Did I misunderstand?
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of
> marek.marc...@malkom.pl
> Sent: Thursday, February 24, 2011 11:23 AM
> To: openssl-users@openssl.org
> Cc: openssl-users@openssl.org; owner-openssl-us...@openssl.org
> Subject: RE: RSA_private_decrypt without e and d
>
> Hello,
>
> Remember, you do not need to recover these parameters to decrypt a message.
>
> Best regards,
> --
> Marek Marcola <marek.marc...@malkom.pl>
>
> owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM:
>
> > "Shaheed Bacchus (sbacchus)" <sbacc...@cisco.com>
> > Sent by: owner-openssl-us...@openssl.org
> >
> > 02/24/2011 05:21 PM
> >
> > Please respond to
> > openssl-users@openssl.org
> >
> > To
> > <openssl-users@openssl.org>
> >
> > cc
> >
> > Subject
> > RE: RSA_private_decrypt without e and d
> >
> > Thanks Mounir and Marek, I will try to recover these parameters.
> >
> > -----Original Message-----
> > From: owner-openssl-us...@openssl.org
> > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> > Sent: Thursday, February 24, 2011 2:27 AM
> > To: openssl-users@openssl.org
> > Subject: Re: RSA_private_decrypt without e and d
> >
> > Hi Shaheed,
> >
> > The OpenSSL error you are getting means that OpenSSL decrypted the
> > ciphered text but couldn't find the PKCS1 padding byte. This means that
> > the wrong CRT parameters were supplied. Usually this comes from the fact
> > that the parameters p and q (and the corresponding dmp1, dmq1) must be
> > swapped: p instead of q and q instead of p (same thing for dmp1 and
> > dmq1).
> > In order to check this, you can use a tool I have written and that
> > enables you to recover e and d from these 5 parameters. You can get it
> > from SourceForge using the following link:
> > http://rsaconverter.sourceforge.net/ .
> > Thanks to it, you can check that these 5 parameters give you the correct
> > d and e. In your case, I'm sure you'll get the wrong d and e. Swap the
> > parameters and see if you get the correct d this time.
> >
> > I hope this will help.
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIX
> > http://www.idrix.fr
> >
> > On 2/24/2011 4:03 AM, Shaheed Bacchus (sbacchus) wrote:
> > >
> > > Just to be clear, below is not the actual code, but what I would
> > > **like** to be able to do (or something close).
> > >
> > > *From:* owner-openssl-us...@openssl.org
> > > [mailto:owner-openssl-us...@openssl.org] *On Behalf Of* Shaheed
> > > Bacchus (sbacchus)
> > > *Sent:* Wednesday, February 23, 2011 9:47 PM
> > > *To:* openssl-users@openssl.org
> > > *Subject:* RSA_private_decrypt without e and d
> > >
> > > Hi,
> > >
> > > I have a situation where I have a message that has been encrypted via
> > > RSA_public_encrypt.
> > > On the receiving end I have the n, p, q, dmp1,
> > > dmq1, and iqmp components (I know it might sound odd that I don't have
> > > the e and d components but that is the case). I'm trying to do
> > > something like:
> > >
> > > if (!(new_key = RSA_new()))
> > >     return -1;
> > >
> > > new_key->n = BN_bin2bn(n_data, n_data_len, NULL);
> > > new_key->p = BN_bin2bn(p_data, p_data_len, NULL);
> > > new_key->q = BN_bin2bn(q_data, q_data_len, NULL);
> > > new_key->dmp1 = BN_bin2bn(dmp1_data, dmp1_data_len, NULL);
> > > new_key->dmq1 = BN_bin2bn(dmq1_data, dmq1_data_len, NULL);
> > > new_key->iqmp = BN_bin2bn(iqmp_data, iqmp1_data_len, NULL);
> > >
> > > resultDecrypt = RSA_private_decrypt(encrypted_size, encrypted,
> > >                                     decrypted, new_key, RSA_PKCS1_PADDING);
> > >
> > > This decrypt fails with
> > >
> > > error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type
> > > is not 02
> > >
> > > Supplying the correct e and d component causes it to work properly, but I
> > > will not have those under normal circumstances. Is there any way to do
> > > this without d and e?
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org
rsa_test14.c
Description: Binary data
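
Added example, not part of the original message and not the attached rsa_test14.c: the CRT arithmetic that lets decryption run from p, q, dmp1, dmq1 and iqmp alone, shown on a constructed toy key in plain C (no OpenSSL calls), with a consistency check that catches exchanged p/q values. The struct and function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* The five CRT values from the thread; n, e and d are absent. */
typedef struct { uint64_t p, q, dmp1, dmq1, iqmp; } crt_key;

/* Square-and-multiply; toy operands stay below 2^32 so products fit. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* RSA private operation via CRT (Garner recombination). */
uint64_t crt_decrypt(const crt_key *k, uint64_t c) {
    uint64_t m1 = modpow(c, k->dmp1, k->p);            /* c^dmp1 mod p */
    uint64_t m2 = modpow(c, k->dmq1, k->q);            /* c^dmq1 mod q */
    uint64_t h  = k->iqmp * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    return m2 + h * k->q;
}

/* iqmp must equal q^-1 mod p; returns 1 when it does. */
int crt_consistent(const crt_key *k) {
    return k->iqmp * (k->q % k->p) % k->p == 1;
}

/* Constructed toy key: p=61, q=53, n=3233, e=17, d=2753. */
static const crt_key good    = { 61, 53, 53, 49, 38 };
/* Same numbers with p/q and dmp1/dmq1 exchanged but iqmp left as is. */
static const crt_key swapped = { 53, 61, 49, 53, 38 };

int main(void) {
    /* e is used here only to produce a test ciphertext for m = 65. */
    uint64_t c = modpow(65, 17, 3233);
    printf("good:    consistent=%d m=%llu\n", crt_consistent(&good),
           (unsigned long long)crt_decrypt(&good, c));
    printf("swapped: consistent=%d m=%llu\n", crt_consistent(&swapped),
           (unsigned long long)crt_decrypt(&swapped, c));
    return 0;
}
```

With real key sizes the same arithmetic runs on bignums; a wrong recombination yields a block that does not begin with the PKCS#1 type 2 header, which is the padding error quoted in the thread.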