> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
> Sent: Wednesday, 24 August, 2011 02:32
> Basically when we encrypt something using an RSA key (whether public
> or private), the encrypted value must be smaller than the key (due to
> the maths used to do the actual encryption). So if you have a 1024-bit
key,
> in theory we could encrypt any 1023-bit value (or a 1024-bit value smaller
> than the key) with that key.
More precisely, smaller than the modulus 'N' but
large enough not to be subject to a trivial break.
An RSA public key is the pair (e,n) where e is usually small,
and the private key is in principle the pair (d,n) where d is
usually a substantial fraction of n. RSA private keys may
and in OpenSSL do also include additional 'Chinese Remainder
Theorem' aka CRT information to make computation faster.
Plus, most actual RSA encryption schemes add padding.
In particular simply RSA-encrypting raw user data allows
an adversary to determine if a guessed plaintext is correct,
which in general is considered an unacceptable weakness.
Thus the value size you can encrypt is somewhat less than
the RSA modulus size because of this padding; the commonly
used PKCS#1 v1.5 'classic' and v2 OAEP are 11 and 41 bytes.
If used certain ways v1.5 has weakness (see Bleichenbacher's
attack on early SSL) which is why OAEP was created.
> below is the code snippet i am trying to do AES Encryption.
> it works fine. if i see some example in openssl they are using KEY value
> EVP_MAX_KEY_LENGTH(32 bytes). can i use RSA public key(1024 bit) to
encrypt
> the same value and use private to decrypt the value.
It's not entirely 'fine', see below.
EVP_MAX_KEY_LENGTH is the maximum length for *any* (supported)
*symmetric* algorithm. It is useful if you want to write generic
code that works for various algorithms selectable at runtime,
as many common systems like SSL/TLS SMIME/CMS/PKCS7 PGP do.
If you are using only a specific cipher you can use the key length
for that cipher which might be smaller.
However, the key lengths for *asymmetric* algorithms, including RSA,
are all separate. You need to use the correct one for each.
> unsigned char key[] =
{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
> unsigned char iv[] = {1,2,3,4,5,6,7,8};
> char intext[] = "string to make the random number generator
think it has entropy";
> // Straight encrypt
> EVP_CIPHER_CTX x;
> EVP_CIPHER_CTX_init(&x);
> if(!EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key,
iv))
> printf("\n ERROR!! \n");
The key for AES-256 is 32 bytes, and IV for AES-anything 16 bytes.
You are using partly unknown possibly garbage values, which means
you may be unable to decrypt the result in any other program.
(Of course in any real use the IV should be random or at least unique
and unpredictable, and the key should be random or at least secret.)
> if(!EVP_EncryptUpdate(&x, outbuf, &outlen,
> (const unsigned char*) intext, strlen(intext)))
> printf("\n ERROR!! \n");
> if(!EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen))
> printf("\n ERROR!! \n");
> outlen+=tmplen;
In general when any OpenSSL call returns an error, you should look
at the error stack: http://www.openssl.org/support/faq.html#PROG6
For these particular calls (symm encrypt without engine) it's not vital,
but if and when you start doing other things it becomes valuable.
> }
> EVP_CIPHER_CTX_cleanup(&x);
This should be within the routine (before the closing brace).
Now to your actual question:
Yes in abstract you can encrypt and decrypt data directly with RSA.
In practice people usually don't, because of the limitations.
Most widespread systems like SSL/TLS and SMIME and PGP are 'hybrid',
where for encryption the data is encrypted with a symmetric algorithm
and a random 'working' or 'session' key, and public-key algorithms
like RSA DH or ECDH are used to transfer or share that working key;
in the simplest case, the working key is just RSA-encrypted.
Similarly for signing people don't actually RSA-sign their data;
instead a hash like SHA1 is computed from the data, and that hash
(plus limited overhead like an OID) is signed by RSA or [EC]DSA.
These hybrids are what EVP_{Seal,Open}* and EVP_{Sign,Verify}* do.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
