Decryption problem
I'm having a problem where after encrypting data and then decrypting it, the result is a few bytes of garbage (probably one block), and then the rest of the data is the same as the original. I'm using EVP_Seal* and EVP_Open* to perform the encryption. I tested with AES, DESX, and Blowfish, and all have garbage at the beginning of the output.

I've been through the code several times, and checked that the initialization vector is the same when encrypting and decrypting. Since I am getting most of the data back, I must be recovering the session key correctly.

Has anybody run into this sort of thing before? Do you have any suggestions?

Thanks,
Mike

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
Re: Decryption problem
I forgot to mention that this happens with CBC and CFB modes; OFB gives all garbage, but I'm hopeful that fixing CBC and CFB modes will also fix OFB mode. I am using OpenSSL 0.9.7f on MinGW.

Mike

Michael D'Errico wrote:

[...]
Re: Decryption problem
It turns out there is wrong information in Network Security with OpenSSL about using EVP_SealInit. It indicates that you are to pass in an init vector, but EVP_SealInit generates one and passes it back to the caller. Once I figured this out, I got everything to work.

Mike
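The symptom Mike describes (one garbage block in CBC and CFB, everything garbage in OFB) is exactly what decrypting with the wrong IV does, which is why the fix is to use the IV that EVP_SealInit hands back rather than one the caller made up. The script below is an added example, not code from the thread or from OpenSSL. It stands in for AES/DESX/Blowfish with a toy SHA-256 Feistel block cipher (an assumption made so the script needs only the Python standard library; the per-mode behaviour is the same for any block cipher), mimics the EVP_SealInit contract with a seal() that generates both the session key and the IV, and reports which plaintext blocks come back wrong when the caller decrypts with the IV it thought it had passed in.

```python
"""One block of garbage vs. all garbage: what a wrong IV does in CBC, CFB and OFB.

Added example, not code from the thread or from OpenSSL. A toy 8-byte Feistel
cipher built on SHA-256 stands in for AES/DESX/Blowfish (assumption: the mode
behaviour shown is the same for any block cipher). seal() mimics EVP_SealInit,
which generates the session key AND the IV and returns both; open_() is the
caller's side. Standard library only; not a real cipher, never use it as one."""
import hashlib
import os

BLOCK = 8      # toy block size in bytes (AES would be 16)
ROUNDS = 8


def _f(key, r, half):
    """Round function: keyed SHA-256 truncated to half a block."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, blk):
    """Toy Feistel network: only the shape of a block cipher matters here."""
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _f(key, r, right))
    return right + left


def decrypt_block(key, blk):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for r in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _f(key, r, right))
    return right + left


def cbc(key, iv, data, decrypt=False):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out.append(_xor(decrypt_block(key, blk), prev))  # only P1 depends on the IV
            prev = blk
        else:
            prev = encrypt_block(key, _xor(blk, prev))
            out.append(prev)
    return b"".join(out)


def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(_xor(encrypt_block(key, prev), blk))
        prev = blk if decrypt else out[-1]                   # block 2 is keyed by C1, not the IV
    return b"".join(out)


def ofb(key, iv, data, decrypt=False):
    out, ks = [], iv
    for i in range(0, len(data), BLOCK):
        ks = encrypt_block(key, ks)                          # the whole keystream chains from the IV
        out.append(_xor(ks, data[i:i + BLOCK]))
    return b"".join(out)


MODES = {"cbc": cbc, "cfb": cfb, "ofb": ofb}


def seal(mode, plaintext):
    """Like EVP_SealInit: the library picks the session key and the IV and returns both."""
    key, iv = os.urandom(16), os.urandom(BLOCK)
    return key, iv, MODES[mode](key, iv, plaintext)


def open_(mode, key, iv, ciphertext):
    """Like EVP_OpenInit: must be given the IV that seal() produced."""
    return MODES[mode](key, iv, ciphertext, decrypt=True)


def wrong_blocks(mode, plaintext, use_returned_iv):
    """Indices of plaintext blocks that come back wrong. With use_returned_iv=False the
    caller decrypts with the IV it *thought* it passed in (all zeros here), which is
    the mistake the book led to in the thread."""
    key, iv, ct = seal(mode, plaintext)
    pt = open_(mode, key, iv if use_returned_iv else bytes(BLOCK), ct)
    return [i // BLOCK for i in range(0, len(plaintext), BLOCK)
            if pt[i:i + BLOCK] != plaintext[i:i + BLOCK]]


PLAINTEXT = b"block-01block-02block-03block-04"   # constructed: four toy blocks

if __name__ == "__main__":
    for mode in MODES:
        print(mode, "wrong blocks when decrypting with the wrong IV:",
              wrong_blocks(mode, PLAINTEXT, False))
```

CBC and CFB report only block 0, OFB reports every block; with the IV that seal() returned, all three modes round-trip cleanly. In CBC the IV is XORed into the first plaintext block only, in CFB it feeds only the first keystream block, and in OFB every keystream block is derived from it.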
Re(2): RE(2): Re(2): Decryption Problem
Steve,

Many thanks for this; I should have persevered with delving into the relevant RFCs and checking the ASN.1 was valid and well formed. So I'm assuming Outlook is tolerant (to some extent) of badly formed ASN.1 whereas OpenSSL adheres to the standards (which is how it should be).

One other observation (I'm much more familiar with BER than DER, having had the pleasure and honour of working alongside Professors Chadwick [Mr X500] and Larmouth [Mr ASN1] in the 1980s): OpenSSL uses unspecified-length strings in the encoding, whereas the (errant) ASN.1 I posted uses absolute-length strings. The question is (having not read the ISO standard for DER .. too expensive to buy): is this the only variable thing in the DER encoding? Because I thought DER, unlike BER, did a 1:1 encoding so you could use the diff command (et al) to compare two independent encodings of the same thing. Just wondering, enquiring minds etc ;-)

Once again many thanks.

Peter

"Dr. Stephen Henson" [EMAIL PROTECTED] wrote:

On Sun, Mar 06, 2005, Peter Cope wrote:

[...]

Ah, that explains it. Going back to your output from asn1parse:

    355:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
    365:d=5  hl=2 l=   3 cons: SEQUENCE
    367:d=6  hl=2 l=   1 prim: INTEGER           :3A

what this should be is an AlgorithmIdentifier structure. The parameter field (second and third lines) should be:

    RC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion INTEGER,
        iv OCTET STRING }  -- exactly 8 octets

as you can see the 'iv' parameter is missing.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Re(2): RE(2): Re(2): Decryption Problem
On Mon, Mar 07, 2005, Peter Cope wrote:

[...] OpenSSL uses unspecified-length strings in the encoding, whereas the (errant) ASN.1 I posted uses absolute-length strings. The question is (having not read the ISO standard for DER .. too expensive to buy): is this the only variable thing in the DER encoding? Because I thought DER, unlike BER, did a 1:1 encoding so you could use the diff command (et al) to compare two independent encodings of the same thing. [...]

OpenSSL uses DER for just about everything when encoding ASN1, whereas the decoder will tolerate DER or BER. There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's only at an early stage and no one's really been that interested in it at present.

I'm not sure what Outlook is doing with that structure. Many ASN1 compilers would reject something like that. There isn't an IV either, though it may be using all zeroes.

Steve.
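A check for exactly the defect Steve diagnosed, as an added example that is not OpenSSL code and not from the thread: a small strict-DER TLV reader, the RC2CBCParameter rule quoted above (INTEGER version, then an OCTET STRING iv of exactly 8 octets; the version 58 seen in the dump maps to 128 effective key bits per RFC 2268), and three constructed inputs: the bytes at offsets 353..369 of Peter's asn1parse dump, a corrected encoding with an iv, and a BER indefinite-length encoding to show the DER/BER distinction from Steve's reply. The test vectors, the diagnose() wrapper and the error wording are all constructed for this example; OpenSSL's own decoder is more lenient about BER than this checker is.

```python
"""Strict DER check of a PKCS#7 encryptedContentInfo AlgorithmIdentifier for rc2-cbc.

Added example, not code from OpenSSL or from the thread. It walks the TLV
structure the way asn1parse displays it and applies the RFC 2268 definition
RC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER, iv OCTET STRING (8) }.
Only definite-length, minimally encoded DER is accepted (OpenSSL's decoder
tolerates BER as well). Test vectors at the bottom are constructed."""

OID_RC2_CBC = bytes.fromhex("2a864886f70d0302")      # 1.2.840.113549.3.2
RC2_VERSION_BITS = {160: 40, 120: 64, 58: 128}       # RFC 2268 section 6 shorthand values


def read_tlv(buf, pos):
    """Return (tag, value, end) for the element at pos. The checks correspond to
    OpenSSL's 'bad object header' / 'header too long' failures."""
    if pos + 2 > len(buf):
        raise ValueError("bad object header at %d: truncated" % pos)
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag at %d not supported" % pos)
    hdr, length = 2, first
    if first == 0x80:
        raise ValueError("indefinite length at %d: BER, not DER" % pos)
    if first > 0x80:
        n = first & 0x7F
        if pos + 2 + n > len(buf):
            raise ValueError("header too long at %d" % pos)
        if buf[pos + 2] == 0 or (n == 1 and buf[pos + 2] < 0x80):
            raise ValueError("non-minimal length at %d: BER, not DER" % pos)
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("header too long at %d: length %d runs past the end" % (pos, length))
    return tag, buf[pos + hdr:end], end


def expect(buf, pos, tag, name):
    """read_tlv plus a tag check, so every field is validated against the schema."""
    t, value, end = read_tlv(buf, pos)
    if t != tag:
        raise ValueError("%s: expected tag 0x%02x, got 0x%02x" % (name, tag, t))
    return value, end


def parse_rc2_algid(algid):
    """Return (effective_key_bits, iv) or raise ValueError describing what is wrong."""
    seq, end = expect(algid, 0, 0x30, "AlgorithmIdentifier")
    if end != len(algid):
        raise ValueError("trailing bytes after AlgorithmIdentifier")
    oid, pos = expect(seq, 0, 0x06, "algorithm")
    if oid != OID_RC2_CBC:
        raise ValueError("algorithm is not rc2-cbc")
    params, pos = expect(seq, pos, 0x30, "RC2CBCParameter")
    if pos != len(seq):
        raise ValueError("trailing bytes inside AlgorithmIdentifier")
    ver, pos = expect(params, 0, 0x02, "rc2ParameterVersion")
    if pos == len(params):
        # This is the case in the thread: the SEQUENCE ends right after the INTEGER.
        raise ValueError("RC2CBCParameter has no iv: OCTET STRING missing after the INTEGER")
    iv, pos = expect(params, pos, 0x04, "iv")
    if len(iv) != 8:
        raise ValueError("iv must be exactly 8 octets, got %d" % len(iv))
    if pos != len(params):
        raise ValueError("trailing bytes inside RC2CBCParameter")
    version = int.from_bytes(ver, "big", signed=True)
    return RC2_VERSION_BITS.get(version, version), iv


def diagnose(algid):
    """One-line summary, convenient for logging or asserting on."""
    try:
        bits, iv = parse_rc2_algid(algid)
        return "ok: rc2-cbc, %d effective key bits, iv=%s" % (bits, iv.hex())
    except ValueError as err:
        return "error: %s" % err


# Constructed vectors. AS_POSTED is offsets 353..369 of the thread's asn1parse output:
# SEQUENCE { OID rc2-cbc, SEQUENCE { INTEGER 0x3A } }. FIXED adds the 8-octet iv.
AS_POSTED = bytes.fromhex("300f" "06082a864886f70d0302" "3003" "02013a")
FIXED = bytes.fromhex("3019" "06082a864886f70d0302" "300d" "02013a" "04080011223344556677")
BER_INDEFINITE = bytes.fromhex("3080" "06082a864886f70d0302" "300d" "02013a"
                               "04080011223344556677" "0000")

if __name__ == "__main__":
    for name, vec in (("as posted", AS_POSTED), ("fixed", FIXED), ("BER", BER_INDEFINITE)):
        print("%-10s %s" % (name, diagnose(vec)))
```

The posted bytes fail at the point OpenSSL also failed: the parameter SEQUENCE is exhausted after the INTEGER, so there is no header left for the OCTET STRING. The BER vector illustrates Peter's question about length forms: DER allows exactly one encoding (definite, minimal length), which is what makes byte-for-byte comparison of two DER encodings meaningful.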
Re: Re(2): RE(2): Re(2): Decryption Problem
There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's only at an early stage and no one's really been that interested in it at present.

My program has to handle big PKCS7 files, so I'd be very interested in that streaming. I had to modify the PKCS7_doit() routines to do that with *detached* signatures/envelopes, so I can create/read the big content apart from the signature in a loop without using up my RAM, but I would prefer to leave that work to OpenSSL internals. But in case a big *non-detached* PKCS7 is generated (maybe this is nowadays more usual), I have no option but to load all the big content in memory because the internal d2i_XXX, i2d_XXX routines use only memory pointers. Something like a stream BIO instead of pointers could be a solution.
RE(2): Re(2): Decryption Problem
I'm using openssl 0.9.7e on Unix. (The example output below is from the Windows version of openssl [a 0.9.7X-derived binary version from stunnel.org], but is consistent with the AIX version as regards the failure. I will repeat this tomorrow when I have access to the Unix box if that helps.)

    openssl pkcs7 -inform DER -in file.der

This outputs a PEM file (topped and tailed with the '-- PKCS7 -' line). *But*

    openssl smime -decrypt -in file.der -inform DER -recip cert.pem -inkey private.pem

gives

    Error decrypting PKCS#7 structure
    172:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:140:
    172:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:crypto/asn1/tasn_dec.c:935:
    172:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:crypto/asn1/tasn_dec.c:628:
    172:error:0D08606D:asn1 encoding routines:ASN1_TYPE_get_int_octetstring:data is wrong:crypto/asn1/evp_asn1.c:179:
    172:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:crypto/pkcs7/pk7_smime.c:414:

(If the file.der originated from one of our own computers, using the same public key to encrypt, then the above decrypt line works.) [If I redirect the output from the pkcs7 line into, say, fred.pem, and try decrypting this (using -in fred.pem -inform PEM), I naturally get the same error.]

It may be our client is doing something wrong, but as with any interoperability testing I always assume the fault is my end until I have proof it isn't.

Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: 06 March 2005 01:13
To: openssl-users@openssl.org
Subject: Re: Re(2): Decryption Problem

On Fri, Mar 04, 2005, Peter Cope wrote:

Steve, sorry, I forgot to include the asn1parse output ... I've X'd out sensitive stuff:

      0:d=0  hl=4 l=57226 cons: SEQUENCE
      4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
     15:d=1  hl=4 l=57211 cons: cont [ 0 ]
     19:d=2  hl=4 l=57207 cons: SEQUENCE
     23:d=3  hl=2 l=   1 prim: INTEGER           :00
     26:d=3  hl=4 l= 308 cons: SET
     30:d=4  hl=4 l= 304 cons: SEQUENCE
     34:d=5  hl=2 l=   1 prim: INTEGER           :00
     37:d=5  hl=3 l= 152 cons: SEQUENCE
     40:d=6  hl=3 l= 146 cons: SEQUENCE
     43:d=7  hl=2 l=  11 cons: SET
     45:d=8  hl=2 l=   9 cons: SEQUENCE
     47:d=9  hl=2 l=   3 prim: OBJECT            :countryName
     52:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :GB
     56:d=7  hl=2 l=  19 cons: SET
     58:d=8  hl=2 l=  17 cons: SEQUENCE
     60:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
     65:d=9  hl=2 l=  10 prim: PRINTABLESTRING   :XX
     77:d=7  hl=2 l=  15 cons: SET
     79:d=8  hl=2 l=  13 cons: SEQUENCE
     81:d=9  hl=2 l=   3 prim: OBJECT            :localityName
     86:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :XX
     94:d=7  hl=2 l=  12 cons: SET
     96:d=8  hl=2 l=  10 cons: SEQUENCE
     98:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
    103:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :XXX
    108:d=7  hl=2 l=  12 cons: SET
    110:d=8  hl=2 l=  10 cons: SEQUENCE
    112:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
    117:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :xxx
    122:d=7  hl=2 l=  21 cons: SET
    124:d=8  hl=2 l=  19 cons: SEQUENCE
    126:d=9  hl=2 l=   3 prim: OBJECT            :commonName
    131:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :
    145:d=7  hl=2 l=  42 cons: SET
    147:d=8  hl=2 l=  40 cons: SEQUENCE
    149:d=9  hl=2 l=   9 prim: OBJECT            :emailAddress
    160:d=9  hl=2 l=  27 prim: IA5STRING         :[EMAIL PROTECTED]
    189:d=6  hl=2 l=   1 prim: INTEGER           :1C
    192:d=5  hl=2 l=  13 cons: SEQUENCE
    194:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
    205:d=6  hl=2 l=   0 prim: NULL
    207:d=5  hl=3 l= 128 prim: OCTET STRING
    338:d=3  hl=4 l=56888 cons: SEQUENCE
    342:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
    353:d=4  hl=2 l=  15 cons: SEQUENCE
    355:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
    365:d=5  hl=2 l=   3 cons: SEQUENCE
    367:d=6  hl=2 l=   1 prim: INTEGER           :3A
    370:d=4  hl=4 l=56856 prim: cont [ 0 ]

The block beyond 370 is not ASN.1 (which I understand is OK, according to S/MIME).

OK, what does:

    openssl pkcs7 -inform DER -in file.der

do? Do you get an error or just the PEM output? Also what version of OpenSSL are you using?

Steve.
Re: RE(2): Re(2): Decryption Problem
On Sun, Mar 06, 2005, Peter Cope wrote:

I'm using openssl 0.9.7e on Unix. (The example output below is from the Windows version of openssl [a 0.9.7X-derived binary version from stunnel.org], but is consistent with the AIX version as regards the failure. I will repeat this tomorrow when I have access to the Unix box if that helps.)

    openssl pkcs7 -inform DER -in file.der

This outputs a PEM file (topped and tailed with the '-- PKCS7 -' line). *But*

    openssl smime -decrypt -in file.der -inform DER -recip cert.pem -inkey private.pem

gives

    Error decrypting PKCS#7 structure
    172:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:140:
    172:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:crypto/asn1/tasn_dec.c:935:
    172:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:crypto/asn1/tasn_dec.c:628:
    172:error:0D08606D:asn1 encoding routines:ASN1_TYPE_get_int_octetstring:data is wrong:crypto/asn1/evp_asn1.c:179:
    172:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:crypto/pkcs7/pk7_smime.c:414:

(If the file.der originated from one of our own computers, using the same public key to encrypt, then the above decrypt line works.) [If I redirect the output from the pkcs7 line into, say, fred.pem, and try decrypting this (using -in fred.pem -inform PEM), I naturally get the same error.]

It may be our client is doing something wrong, but as with any interoperability testing I always assume the fault is my end until I have proof it isn't.

Ah, that explains it. Going back to your output from asn1parse:

    355:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
    365:d=5  hl=2 l=   3 cons: SEQUENCE
    367:d=6  hl=2 l=   1 prim: INTEGER           :3A

what this should be is an AlgorithmIdentifier structure. The parameter field (second and third lines) should be:

    RC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion INTEGER,
        iv OCTET STRING }  -- exactly 8 octets

as you can see the 'iv' parameter is missing.

Steve.
Re: Re(2): Decryption Problem
On Fri, Mar 04, 2005, Peter Cope wrote:

Steve, sorry, I forgot to include the asn1parse output ... I've X'd out sensitive stuff:

[...]

The block beyond 370 is not ASN.1 (which I understand is OK, according to S/MIME).

OK, what does:

    openssl pkcs7 -inform DER -in file.der

do? Do you get an error or just the PEM output? Also what version of OpenSSL are you using?

Steve.
Decryption Problem
Firstly, I've searched the FAQs and Googled and not found an answer. I'll describe the scenario and hope someone can shed some light!

Machine-1: Generates keys/certs (self-cert CA). This is a UNIX (well, AIX) box, and runs openssl (latest release). Keys/certs are distributed to a number of PCs as P12s (since they use Outlook) and also to an external client.

Using this public key Machine-2 (Outlook) can sign+encrypt and send to Machine-1, which can decrypt and verify. So OK.

Using this public key our client (using Chilkatsoft ... not familiar with this) can send to Machine-2, which can decrypt and verify. So OK. And also sends to Machine-1, which can't decrypt it. Complains about the ASN.1 header length being incorrect. So here is my problem.

Examination of the ASN.1 (by hand as well as asn1parse) shows that the pkcs7-data part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in size (this isn't itself structured .. unlike the des3-ede3-cbc produced by default by openssl). I've tried detaching this data to see if anything can make sense of it, but no.

Anyone got any ideas? I'm assuming I'm missing a point somewhere!

Peter Cope
Re: Decryption Problem
On Fri, Mar 04, 2005, Peter Cope wrote:

[...]

Hard to say without the file that OpenSSL doesn't like or the output of asn1parse.

Steve.
Re(2): Decryption Problem
Steve, sorry, I forgot to include the asn1parse output ... I've X'd out sensitive stuff:

      0:d=0  hl=4 l=57226 cons: SEQUENCE
      4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
     15:d=1  hl=4 l=57211 cons: cont [ 0 ]
     19:d=2  hl=4 l=57207 cons: SEQUENCE
     23:d=3  hl=2 l=   1 prim: INTEGER           :00
     26:d=3  hl=4 l= 308 cons: SET
     30:d=4  hl=4 l= 304 cons: SEQUENCE
     34:d=5  hl=2 l=   1 prim: INTEGER           :00
     37:d=5  hl=3 l= 152 cons: SEQUENCE
     40:d=6  hl=3 l= 146 cons: SEQUENCE
     43:d=7  hl=2 l=  11 cons: SET
     45:d=8  hl=2 l=   9 cons: SEQUENCE
     47:d=9  hl=2 l=   3 prim: OBJECT            :countryName
     52:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :GB
     56:d=7  hl=2 l=  19 cons: SET
     58:d=8  hl=2 l=  17 cons: SEQUENCE
     60:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
     65:d=9  hl=2 l=  10 prim: PRINTABLESTRING   :XX
     77:d=7  hl=2 l=  15 cons: SET
     79:d=8  hl=2 l=  13 cons: SEQUENCE
     81:d=9  hl=2 l=   3 prim: OBJECT            :localityName
     86:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :XX
     94:d=7  hl=2 l=  12 cons: SET
     96:d=8  hl=2 l=  10 cons: SEQUENCE
     98:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
    103:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :XXX
    108:d=7  hl=2 l=  12 cons: SET
    110:d=8  hl=2 l=  10 cons: SEQUENCE
    112:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
    117:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :xxx
    122:d=7  hl=2 l=  21 cons: SET
    124:d=8  hl=2 l=  19 cons: SEQUENCE
    126:d=9  hl=2 l=   3 prim: OBJECT            :commonName
    131:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :
    145:d=7  hl=2 l=  42 cons: SET
    147:d=8  hl=2 l=  40 cons: SEQUENCE
    149:d=9  hl=2 l=   9 prim: OBJECT            :emailAddress
    160:d=9  hl=2 l=  27 prim: IA5STRING         :[EMAIL PROTECTED]
    189:d=6  hl=2 l=   1 prim: INTEGER           :1C
    192:d=5  hl=2 l=  13 cons: SEQUENCE
    194:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
    205:d=6  hl=2 l=   0 prim: NULL
    207:d=5  hl=3 l= 128 prim: OCTET STRING
    338:d=3  hl=4 l=56888 cons: SEQUENCE
    342:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
    353:d=4  hl=2 l=  15 cons: SEQUENCE
    355:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
    365:d=5  hl=2 l=   3 cons: SEQUENCE
    367:d=6  hl=2 l=   1 prim: INTEGER           :3A
    370:d=4  hl=4 l=56856 prim: cont [ 0 ]

The block beyond 370 is not ASN.1 (which I understand is OK, according to S/MIME).

Peter

"Dr. Stephen Henson" [EMAIL PROTECTED] wrote:

On Fri, Mar 04, 2005, Peter Cope wrote:

[...]

Hard to say without the file that OpenSSL doesn't like or the output of asn1parse.

Steve.
RSA decryption problem
Hi,

I have implemented simple TCP client and server processes such that the server generates the RSA keys and sends the public modulus and public exponent to the client. The client process uses these values to encrypt a user-entered string and sends it back to the server. The server then decrypts the string and outputs the decrypted string. I have used the crypto API in OpenSSL for generating the key, encryption and decryption.

But when the encrypted string is sent to the server, the decryption is not always successful. Sometimes I get an error:

    11768:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:481:

On some further research I found out that I get the error only when the encrypted string length is less than 128 bytes. When the length of the encrypted string is 128, all is fine. I haven't seen an encrypted string greater than 128 till now.
RSA encryption and decryption problem.....
Dear Sir,

Thanks for your time reading this. I use the crypto library in openssl-0.9.6b.tar.gz, and configure it for VC-WIN32. After setting up and compiling, everything works fine with the XXXtest.exe in the out32dll directory. Then I try to use the file demos\eay\loadrsa.c and it works. I try to use pub_rsa and priv_rsa as parameters to test RSA_public_encrypt() and RSA_private_decrypt(), but it always returns -1. I try to encrypt the first 64 bytes of data and decrypt it, but it seems wrong. Do I use the functions in the wrong way?

May I ask what the difference is between the RSA_PKCS1_PADDING, RSA_SSLV23_PADDING, RSA_NO_PADDING, and RSA_PKCS1_OAEP_PADDING padding methods? If I change the padding in the code below, it always returns -1. Are there any demo files for using the EVP functions? Or are there any other convenient methods to use various encryption?

Here are the added code and output; thanks for your kind help!

Yours,
Mars Lin

=

    static unsigned char msg[] = "TEST_DATA_FOR_RSA_1231490sdf0anzjhlkjhasjdfh102931u04u102_TESTING";
    unsigned char *to, *from, *result;
    BIO *out;
    out = BIO_new(BIO_s_file());
    if (out == NULL) return -1;
    BIO_set_fp(out, stdout, BIO_NOCLOSE);
    ...
    p = buf;
    pub_rsa = d2i_RSAPublicKey(NULL, &p, (long)len);   /* d2i_* advance p past what they consumed */
    len -= (p - buf);
    priv_rsa = d2i_RSAPrivateKey(NULL, &p, (long)len);
    if ((pub_rsa == NULL) || (priv_rsa == NULL)) ERR_print_errors(out);
    RSA_print(out, pub_rsa, 0);
    RSA_print(out, priv_rsa, 0);
    /* ciphertext and recovered plaintext are each RSA_size() bytes; +1 for a NUL when printing */
    to = OPENSSL_malloc(RSA_size(pub_rsa));
    result = OPENSSL_malloc(RSA_size(priv_rsa) + 1);
    from = msg;
    BIO_printf(out, "original:\n%s\n", from);
    memset(to, 0, RSA_size(pub_rsa));   /* was memset(to,0,strlen(to)): strlen on uninitialised memory */
    ret = 0;
    if (RSA_size(pub_rsa) != RSA_size(priv_rsa)) BIO_puts(out, "Different size..\n");
    BIO_printf(out, "mod size: %i\n", RSA_size(pub_rsa));
    BIO_printf(out, "data length: %i\n", (int)strlen((char *)msg));
    /* RSA_NO_PADDING: the input must be exactly RSA_size() bytes, so only the first 64 bytes of msg are used */
    ret = RSA_public_encrypt(RSA_size(pub_rsa), from, to, pub_rsa, RSA_NO_PADDING);
    if (ret == -1) { ERR_print_errors(out); return -1; }
    BIO_dump(out, (char *)to, ret);     /* ciphertext is binary: hex-dump it rather than printing it with %s */
    BIO_printf(out, "ret: %i\n", ret);
    ret = RSA_private_decrypt(RSA_size(priv_rsa), to, result, priv_rsa, RSA_NO_PADDING);
    if (ret == -1) { ERR_print_errors(out); return -1; }
    result[ret] = '\0';                 /* was buf[ret]: buf holds the DER keys, result holds the plaintext */
    BIO_printf(out, "%s\n", result);
    BIO_printf(out, "ret: %i\n", ret);
    OPENSSL_free(to);
    OPENSSL_free(result);
    RSA_free(pub_rsa);
    RSA_free(priv_rsa);
    return 0;

=

OUTPUT:

    original:
    TEST_DATA_FOR_RSA_1231490sdfja;l0901238lkjasdfsdf0anzjhlkjhasjdfh102931u04u102_TESTING
    mod size: 64
    data length: 86
    ?n?ÇZ?W£ªIȺ_¤Ä;jFR²æ2©æi0}???ÿpTD
    ret: 64
    0HA
    ret: 64

=
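Both RSA posts above come down to length handling. RSA_public_encrypt always produces exactly RSA_size() bytes of binary ciphertext, so an "encrypted string shorter than 128 bytes" means the sender lost bytes in transit, typically by treating the buffer as a NUL-terminated string; and RSA_NO_PADDING requires an input of exactly RSA_size() bytes that is numerically smaller than the modulus, while RSA_PKCS1_PADDING wraps a shorter message in a random, self-describing frame that the decrypter checks. The script below is an added example, not code from either post or from OpenSSL: pure-Python textbook RSA with PKCS#1 v1.5 type 2 padding on a deliberately tiny, seeded 512-bit key (the Miller-Rabin keygen, the padding helpers and the strlen_bug() reproduction are illustrative constructions, not for real use). It shows the ciphertext length being fixed at RSA_size(), the raw no-padding constraints, and the "padding check failed" error appearing exactly when a ciphertext is truncated at its first 0x00 byte.

```python
"""RSA PKCS#1 v1.5 encryption with the length checks the two posts above are missing.

Added example, not code from the thread or from OpenSSL. Pure Python, so the key
is a seeded, deliberately tiny 512-bit toy key (assumption: 512 bits for speed
only) and the Miller-Rabin / padding helpers are illustrative. Never use for real data."""
import random

E = 65537


def _probable_prime(n, rng, rounds=32):
    """Miller-Rabin; adequate for a demo key."""
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1     # top and low bit set
        if _probable_prime(c, rng):
            return c


def generate_key(bits=512, seed=1):
    """Seeded toy RSA key: returns ((n, e), (n, d))."""
    rng = random.Random(seed)
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % E:
            return (n, E), (n, pow(E, -1, phi))


def rsa_size(n):
    """RSA_size(): modulus length in bytes. Every ciphertext is exactly this long."""
    return (n.bit_length() + 7) // 8


def pkcs1_v15_pad(msg, k, rng):
    """EME-PKCS1-v1_5 type 2: 00 02 <at least 8 nonzero random bytes> 00 <msg>."""
    if len(msg) > k - 11:
        raise ValueError("message too long for RSA_PKCS1_PADDING")
    ps = bytes(rng.randrange(1, 256) for _ in range(k - len(msg) - 3))
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1_v15_unpad(em):
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:          # PS must be at least 8 bytes
        raise ValueError("padding check failed")
    return em[sep + 1:]


def rsa_encrypt(pub, msg, seed=2):
    n, e = pub
    k = rsa_size(n)
    em = pkcs1_v15_pad(msg, k, random.Random(seed))
    # Fixed-length I2OSP: k bytes even when the leading byte happens to be 0x00.
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsa_decrypt(priv, ct, strict=True):
    n, d = priv
    k = rsa_size(n)
    if len(ct) > k:
        raise ValueError("data greater than mod len")
    if strict and len(ct) != k:
        # What a receiver should check before ever touching the private key.
        raise ValueError("ciphertext length %d != RSA_size %d" % (len(ct), k))
    # strict=False mirrors OpenSSL 0.9.x: a short input is just a smaller integer,
    # so the damage only surfaces later as "padding check failed".
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    return pkcs1_v15_unpad(em)


def rsa_raw(key, block):
    """RSA_NO_PADDING semantics: exactly k input bytes, numerically below n, and
    deterministic (equal inputs give equal outputs), which is why it is unsafe alone."""
    n, x = key
    k = rsa_size(n)
    if len(block) != k:
        raise ValueError("RSA_NO_PADDING input must be exactly %d bytes" % k)
    m = int.from_bytes(block, "big")
    if m >= n:
        raise ValueError("data too large for modulus")
    return pow(m, x, n).to_bytes(k, "big")


def strlen_bug(pub, priv, msg):
    """Reproduce the first post: the sender copies the ciphertext as a C string, so
    everything from the first 0x00 byte on is lost. Returns (strict error, lenient error)."""
    seed = 0
    while True:                                     # find a ciphertext that contains a NUL
        ct = rsa_encrypt(pub, msg, seed=seed)
        if b"\x00" in ct:
            break
        seed += 1
    truncated = ct[:ct.index(b"\x00")]             # what strlen()-based code would send
    errors = []
    for strict in (True, False):
        try:
            rsa_decrypt(priv, truncated, strict=strict)
            errors.append("decrypted")
        except ValueError as err:
            errors.append(str(err))
    return tuple(errors)


if __name__ == "__main__":
    pub, priv = generate_key()
    ct = rsa_encrypt(pub, b"user entered string")
    print(len(ct), rsa_decrypt(priv, ct))
    print(strlen_bug(pub, priv, b"user entered string"))
```

The lenient path reproduces the thread's exact failure mode: a truncated ciphertext still decrypts to some integer, and only the padding check notices. The fix on the wire is to send the length (or always exactly RSA_size() bytes) and never pass binary ciphertext through strlen()-style code; the fix on the receiver is the strict length check before the private-key operation.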