Decryption problem

2005-03-29 Thread Michael D'Errico
I'm having a problem where after encrypting data and
then decrypting it, the result is a few bytes of
garbage (probably one block), and then the rest of
the data is the same as the original.  I'm using
EVP_Seal* and EVP_Open* to perform the encryption.
I tested with AES, DESX, and blowfish, and all have
garbage at the beginning of the output.
I've been thru the code several times, and checked
that the initialization vector is the same when
encrypting and decrypting.  Since I am getting most
of the data back, I must be recovering the session
key correctly.
Has anybody run into this sort of thing before?
Do you have any suggestions?
Thanks,
Mike
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Decryption problem

2005-03-29 Thread Michael D'Errico
I forgot to mention that this happens with CBC and CFB
modes; OFB gives all garbage, but I'm hopeful that
fixing CBC and CFB modes will also fix OFB mode.
I am using OpenSSL 0.9.7f on mingw.
Mike
Michael D'Errico wrote:
I'm having a problem where after encrypting data and
then decrypting it, the result is a few bytes of
garbage (probably one block), and then the rest of
the data is the same as the original.  I'm using
EVP_Seal* and EVP_Open* to perform the encryption.
I tested with AES, DESX, and blowfish, and all have
garbage at the beginning of the output.
I've been thru the code several times, and checked
that the initialization vector is the same when
encrypting and decrypting.  Since I am getting most
of the data back, I must be recovering the session
key correctly.
Has anybody run into this sort of thing before?
Do you have any suggestions?
Thanks,
Mike


Re: Decryption problem

2005-03-29 Thread Michael D'Errico
Turns out there is wrong information in Network Security
with OpenSSL about using EVP_SealInit.  It indicates
that you are to pass in an init vector, but EVP_SealInit
generates one and passes it back to the caller.  Once I
figured this out, I got everything to work.
Mike
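The symptoms reported in this thread (one garbage block under CBC and CFB, all garbage under OFB) are what decrypting with the right key and the wrong IV produces. The following is an added example, not part of the original posts and not OpenSSL code: it uses XTEA as a stand-in block cipher and makes no OpenSSL calls, and the key, IVs and plaintext are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8       /* XTEA block size in bytes */
#define MSG_LEN 32  /* four blocks of constructed sample plaintext */

enum mode { CBC, CFB, OFB };

/* Hypothetical IVs: the one the encryptor really used and the one the
 * decryptor wrongly assumed. Every byte differs between them. */
static const uint8_t IV_USED[BLK]    = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
static const uint8_t IV_ASSUMED[BLK] = {0};

/* XTEA, 32 cycles: a compact stand-in block cipher for this demo only. */
static void xtea(const uint32_t k[4], uint8_t b[BLK], int decrypt)
{
    uint32_t v0, v1, delta = 0x9E3779B9, sum = decrypt ? delta * 32 : 0;
    memcpy(&v0, b, 4); memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        if (!decrypt) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        } else {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        }
    }
    memcpy(b, &v0, 4); memcpy(b + 4, &v1, 4);
}

/* One pass of CBC, full-block CFB or OFB over n bytes (n a multiple of BLK).
 * in and out must not overlap. */
static void run_mode(enum mode m, int decrypt, const uint32_t k[4],
                     const uint8_t iv[BLK], const uint8_t *in,
                     uint8_t *out, size_t n)
{
    uint8_t reg[BLK], t[BLK];
    memcpy(reg, iv, BLK);
    for (size_t off = 0; off < n; off += BLK) {
        const uint8_t *ct = decrypt ? in + off : out + off;
        if (m == CBC && !decrypt) {
            for (int i = 0; i < BLK; i++) t[i] = in[off + i] ^ reg[i];
            xtea(k, t, 0);
            memcpy(out + off, t, BLK);
        } else if (m == CBC) {
            memcpy(t, in + off, BLK);
            xtea(k, t, 1);
            for (int i = 0; i < BLK; i++) out[off + i] = t[i] ^ reg[i];
        } else {                 /* CFB and OFB: keystream = E(register) */
            xtea(k, reg, 0);
            for (int i = 0; i < BLK; i++) out[off + i] = in[off + i] ^ reg[i];
        }
        /* CBC and CFB chain on the ciphertext, so a wrong IV is forgotten
         * after one block. OFB keeps feeding back its own keystream. */
        if (m != OFB) memcpy(reg, ct, BLK);
    }
}

/* Encrypt under iv_enc, decrypt under iv_dec, and return the offset one past
 * the last plaintext byte that came back wrong (0 means a clean round trip). */
static size_t damage_extent(enum mode m, const uint8_t iv_enc[BLK],
                            const uint8_t iv_dec[BLK])
{
    static const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210};
    static const uint8_t msg[] = "constructed sample plaintext 32B";
    uint8_t ct[MSG_LEN], pt[MSG_LEN];
    size_t extent = 0;
    run_mode(m, 0, key, iv_enc, msg, ct, MSG_LEN);
    run_mode(m, 1, key, iv_dec, ct, pt, MSG_LEN);
    for (size_t i = 0; i < MSG_LEN; i++)
        if (pt[i] != msg[i]) extent = i + 1;
    return extent;
}

int main(void)
{
    static const char *name[] = {"CBC", "CFB", "OFB"};
    for (int m = CBC; m <= OFB; m++)
        printf("%s: same IV -> damage ends at %zu, wrong IV -> damage ends at %zu of %d\n",
               name[m], damage_extent((enum mode)m, IV_USED, IV_USED),
               damage_extent((enum mode)m, IV_USED, IV_ASSUMED), MSG_LEN);
    return 0;
}
```

Because the damage pattern depends only on the mode, it looks the same with AES, DESX or Blowfish, which makes it a quick way to tell an IV mismatch from a wrong session key.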


Re(2): RE(2): Re(2): Decryption Problem

2005-03-07 Thread Peter Cope
Steve

Many thanks for this; I should have persevered with delving into the relevant RFC’s and checking the ASN.1 was valid and well formed. So I’m assuming Outlook is “tolerant” (to some extent) of ‘badly formed’ ASN.1 whereas openssl adheres to the standards (which is how it should be). One other observation (I’m much more familiar with BER than DER, having had the pleasure and honour of working alongside Professors Chadwick [Mr X500] and Larmouth [Mr ASN1] in the 1980’s); openssl uses ‘unspecified length strings’ in the encoding, whereas the (errant) ASN.1 I posted uses ‘absolute length strings’, the question is (having not read the ISO standard for DER .. too expensive to buy) is this the only variable thing in the DER encoding? … because I thought DER, unlike BER, did a 1:1 encoding so you could use the diff command (et al) to compare two independent encodings of the same thing. Just wondering, enquiring minds etc ;-)

Once again many thanks.
Peter

"Dr. Stephen Henson" [EMAIL PROTECTED] wrote:
 On Sun, Mar 06, 2005, Peter Cope wrote:

  I'm using openssl 0.9.7e on Unix (The example output below is from Windows
  version of openssl [a 0.9.7X derived binary version from stunnel.org], but
  is consistent with AIX version as regards the failure. I will repeat this
  tomorrow when I have access to the Unix box if that helps).

  openssl pkcs7 -inform DER -in file.der

  This outputs a PEM file (topped and tailed with the '--  PKCS7 -' line)

  *But*

  openssl smime -decrypt -in file.der -inform DER -recip cert.pem -inkey private.pem

  gives

  Error decrypting PKCS#7 structure
  172:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:140:
  172:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:crypto/asn1/tasn_dec.c:935:
  172:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:crypto/asn1/tasn_dec.c:628:
  172:error:0D08606D:asn1 encoding routines:ASN1_TYPE_get_int_octetstring:data is wrong:crypto/asn1/evp_asn1.c:179:
  172:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:crypto/pkcs7/pk7_smime.c:414:

  (If the file.der originated from one of our own computers, using the same
  public key to encrypt then the above decrypt line works).

  [If I redirect the output from the pkcs7 line into say fred.pem, and try
  decrypting this (using -in fred.pem -inform PEM ) naturally get the same
  error.]

  It may be our client is doing something wrong, but as with any
  interoperability testing I always assume the fault is my end until I have
  proof it isn't.

 Ah, that explains it. Going back to your output from asn1parse:

   355:d=5 hl=2 l= 8 prim: OBJECT :rc2-cbc
   365:d=5 hl=2 l= 3 cons: SEQUENCE
   367:d=6 hl=2 l= 1 prim: INTEGER :3A

 what this should be is an AlgorithmIdentifier structure. The parameter field
 (second and third lines) should be:

   RC2CBCParameter ::= SEQUENCE {
     rc2ParameterVersion INTEGER,
     iv OCTET STRING } -- exactly 8 octets

 as you can see the 'iv' parameter is missing.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Funding needed! Details on homepage.
 Homepage: http://www.drh-consultancy.demon.co.uk

Re: Re(2): RE(2): Re(2): Decryption Problem

2005-03-07 Thread Dr. Stephen Henson
On Mon, Mar 07, 2005, Peter Cope wrote:

 
 Steve
 
  
 
 Many thanks for this; I should have persevered with delving into the
 relevant RFC’s and checking the ASN.1 was valid and well formed.  So I’m
 assuming Outlook is “tolerant” (to some extent) of ‘badly formed’ ASN.1
 whereas openssl adheres to the standards (which is how it should be).  One
 other observation (I’m much more familiar with BER than DER, having had the
 pleasure and honour of working alongside Professors Chadwick [Mr X500] and
 Larmouth [Mr ASN1] in the 1980’s); openssl uses ‘unspecified length
 strings’ in the encoding, whereas the (errant) ASN.1 I posted uses
 ‘absolute length strings’, the question is (having not read the ISO
 standard for DER .. too expensive to buy) is this the only variable thing in
 the DER encoding? … because I thought DER, unlike BER, did a 1:1 encoding
 so you could use the diff command (et al) to compare two independent
 encodings of the same thing.  Just wondering, enquiring minds etc ;-) 
 
  

OpenSSL uses DER for just about everything when encoding ASN1 whereas
the decoder will tolerate DER or BER. 

There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's
only at an early stage and no one's really been that interested in it at
present. 

I'm not sure what Outlook is doing with that structure. Many ASN1 compilers
would reject something like that. There isn't an IV either though it may be
using all zeroes.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: Re(2): RE(2): Re(2): Decryption Problem

2005-03-07 Thread Pablo J Royo

 There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but that's
 only at an early stage and no one's really been that interested in it at
 present.

My program has to handle big PKCS7 files, so I'd be very interested in that
streaming.
I had to modify PKCS7_doit( ) routines to do that with *detached*
signatures/envelopes, so I can create/read the big content apart from
signature in a loop without using up my RAM, but I would prefer to leave
that work to OpenSSL internals.
But, in case a big *non-detached* PKCS7 is generated (maybe this is nowadays
more usual), I have no option but to load all big content in memory because
the internal d2i_XXX, i2d_XXX routines use only memory pointers. Something
as a stream BIO  instead of pointers could be a solution.






RE(2): Re(2): Decryption Problem

2005-03-06 Thread Peter Cope

I'm using openssl 0.9.7e on Unix (The example output below is from Windows
version of openssl [a 0.9.7X derived binary version from stunnel.org], but
is consistent with AIX version as regards the failure.  I will repeat this
tomorrow when I have access to the Unix box if that helps).

openssl pkcs7 -inform DER -in file.der

This outputs a PEM file (topped and tailed with the  '--  PKCS7
-' line)

*But* 

openssl smime -decrypt -in file.der -inform DER -recip cert.pem -inkey private.pem

gives

Error decrypting PKCS#7 structure
172:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:140:
172:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:crypto/asn1/tasn_dec.c:935:
172:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:crypto/asn1/tasn_dec.c:628:
172:error:0D08606D:asn1 encoding routines:ASN1_TYPE_get_int_octetstring:data is wrong:crypto/asn1/evp_asn1.c:179:
172:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:crypto/pkcs7/pk7_smime.c:414:

(If the file.der originated from one of our own computers, using the same
public key to encrypt then the above decrypt line works).

[If I redirect the output from the pkcs7 line into say fred.pem, and try
decrypting this (using -in fred.pem -inform PEM ) naturally get the same
error.]

It may be our client is doing something wrong, but as with any
interoperability testing I always assume the fault is my end until I have
proof it isn't.

Peter





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: 06 March 2005 01:13
To: openssl-users@openssl.org
Subject: Re: Re(2): Decryption Problem

On Fri, Mar 04, 2005, Peter Cope wrote:

 Steve, sorry forget to include the asn1parse output ...
  
 I've X'd out sensitive stuff:
  
 0:d=0  hl=4 l=57226 cons: SEQUENCE  
 4:d=1  hl=2 l=   9 prim: OBJECT:pkcs7-envelopedData
15:d=1  hl=4 l=57211 cons: cont [ 0 ]
19:d=2  hl=4 l=57207 cons: SEQUENCE  
23:d=3  hl=2 l=   1 prim: INTEGER   :00
26:d=3  hl=4 l= 308 cons: SET   
30:d=4  hl=4 l= 304 cons: SEQUENCE  
34:d=5  hl=2 l=   1 prim: INTEGER   :00
37:d=5  hl=3 l= 152 cons: SEQUENCE  
40:d=6  hl=3 l= 146 cons: SEQUENCE  
43:d=7  hl=2 l=  11 cons: SET   
45:d=8  hl=2 l=   9 cons: SEQUENCE  
47:d=9  hl=2 l=   3 prim: OBJECT:countryName
52:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :GB
56:d=7  hl=2 l=  19 cons: SET   
58:d=8  hl=2 l=  17 cons: SEQUENCE  
60:d=9  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
65:d=9  hl=2 l=  10 prim: PRINTABLESTRING   :XX
77:d=7  hl=2 l=  15 cons: SET   
79:d=8  hl=2 l=  13 cons: SEQUENCE  
81:d=9  hl=2 l=   3 prim: OBJECT:localityName
86:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :XX
94:d=7  hl=2 l=  12 cons: SET   
96:d=8  hl=2 l=  10 cons: SEQUENCE  
98:d=9  hl=2 l=   3 prim: OBJECT:organizationName
   103:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :XXX
   108:d=7  hl=2 l=  12 cons: SET   
   110:d=8  hl=2 l=  10 cons: SEQUENCE  
   112:d=9  hl=2 l=   3 prim: OBJECT:organizationalUnitName
   117:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :xxx
   122:d=7  hl=2 l=  21 cons: SET   
   124:d=8  hl=2 l=  19 cons: SEQUENCE  
   126:d=9  hl=2 l=   3 prim: OBJECT:commonName
   131:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :
   145:d=7  hl=2 l=  42 cons: SET   
   147:d=8  hl=2 l=  40 cons: SEQUENCE  
   149:d=9  hl=2 l=   9 prim: OBJECT:emailAddress
   160:d=9  hl=2 l=  27 prim: IA5STRING :[EMAIL PROTECTED]
   189:d=6  hl=2 l=   1 prim: INTEGER   :1C
   192:d=5  hl=2 l=  13 cons: SEQUENCE  
   194:d=6  hl=2 l=   9 prim: OBJECT:rsaEncryption
   205:d=6  hl=2 l=   0 prim: NULL  
   207:d=5  hl=3 l= 128 prim: OCTET STRING  
   338:d=3  hl=4 l=56888 cons: SEQUENCE  
   342:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
   353:d=4  hl=2 l=  15 cons: SEQUENCE  
   355:d=5  hl=2 l=   8 prim: OBJECT:rc2-cbc
   365:d=5  hl=2 l=   3 cons: SEQUENCE  
   367:d=6  hl=2 l=   1 prim: INTEGER   :3A
   370:d=4  hl=4 l=56856 prim: cont [ 0 ]
 
 The block beyond 370 is not ASN.1 (which I understand is OK, according to
 S/MIME).
  

OK, what does:

openssl pkcs7 -inform DER -in file.der

do? Do you get an error or just the PEM output? Also what version of OpenSSL
are you using?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL
project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: RE(2): Re(2): Decryption Problem

2005-03-06 Thread Dr. Stephen Henson
On Sun, Mar 06, 2005, Peter Cope wrote:

 
 I'm using openssl 0.9.7e on Unix (The example output below is from Windows
 version of openssl [a 0.9.7X derived binary version from stunnel.org], but
 is consistent with AIX version as regards the failure.  I will repeat this
 tomorrow when I have access to the Unix box if that helps).
 
 openssl pkcs7 -inform DER -in file.der
 
 This outputs a PEM file (topped and tailed with the  '--  PKCS7
 -' line)
 
 *But* 
 
 openssl smime -decrypt -in file.der -inform DER -recip cert.pem -inkey
 private.pem
 
 gives
 
 Error decrypting PKCS#7 structure
 172:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too
 long:crypto/asn1/asn1_lib.c:140:
 172:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
 header:crypto/asn1/tasn_dec.c:935:
 172:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1
 error:crypto/asn1/tasn_dec.c:628:
 172:error:0D08606D:asn1 encoding routines:ASN1_TYPE_get_int_octetstring:data
 is wrong:crypto/asn1/evp_asn1.c:179:
 172:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt
 error:crypto/pkcs7/pk7_smime.c:414:
 
 (If the file.der originated from one of our own computers, using the same
 public key to encrypt then the above decrypt line works).
 
 [If I redirect the output from the pkcs7 line into say fred.pem, and try
 decrypting this (using -in fred.pem -inform PEM ) naturally get the same
 error.]
 
 It may be our client is doing something wrong, but as with any
 interoperability testing I always assume the fault is my end until I have
 proof it isn't.
 

Ah, that explains it. Going back to your output from asn1parse:

  355:d=5  hl=2 l=   8 prim: OBJECT:rc2-cbc
  365:d=5  hl=2 l=   3 cons: SEQUENCE
  367:d=6  hl=2 l=   1 prim: INTEGER   :3A

what this should be is an AlgorithmIdentifier structure. The parameter field
(second and third lines) should be:

  RC2CBCParameter ::= SEQUENCE {
    rc2ParameterVersion INTEGER,
    iv OCTET STRING  }  -- exactly 8 octets

as you can see the 'iv' parameter is missing.
  
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
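The check Steve describes can be automated: walk the AlgorithmIdentifier and confirm that the rc2-cbc parameters carry an 8-octet `iv` after `rc2ParameterVersion`. The following is an added example, not part of the original message and not OpenSSL code; the first byte string is rebuilt from the offsets and lengths in the asn1parse listing (355 to 369), the second is a constructed well-formed counterpart, and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One DER element: its tag plus a pointer/length for the content octets. */
struct tlv { uint8_t tag; const uint8_t *val; size_t len; };

/* Read one definite-length TLV from buf[0..n). Returns the number of bytes
 * consumed, or 0 on truncation, indefinite length or an unsupported form. */
static size_t der_read(const uint8_t *buf, size_t n, struct tlv *out)
{
    size_t hl = 2, len;
    if (n < 2 || (buf[0] & 0x1f) == 0x1f) return 0;  /* no high tag numbers */
    len = buf[1];
    if (len & 0x80) {                                /* long-form length */
        size_t nb = len & 0x7f;
        if (nb == 0 || nb > 2 || n < 2 + nb) return 0;
        len = 0;
        for (size_t i = 0; i < nb; i++) len = (len << 8) | buf[2 + i];
        hl += nb;
    }
    if (len > n - hl) return 0;                      /* content overruns buffer */
    out->tag = buf[0]; out->val = buf + hl; out->len = len;
    return hl + len;
}

enum rc2_check { RC2_OK = 0, RC2_NOT_RC2CBC, RC2_MALFORMED,
                 RC2_IV_MISSING, RC2_IV_BAD_LEN };

/* Validate AlgorithmIdentifier { rc2-cbc, RC2CBCParameter { version, iv } }. */
static enum rc2_check check_rc2_algid(const uint8_t *der, size_t n)
{
    /* DER content octets of the rc2-cbc OID, 1.2.840.113549.3.2 */
    static const uint8_t oid_rc2_cbc[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x02};
    struct tlv algid, oid, params, ver, iv;
    size_t used;

    if (!der_read(der, n, &algid) || algid.tag != 0x30) return RC2_MALFORMED;
    used = der_read(algid.val, algid.len, &oid);
    if (!used || oid.tag != 0x06) return RC2_MALFORMED;
    if (oid.len != sizeof oid_rc2_cbc || memcmp(oid.val, oid_rc2_cbc, oid.len))
        return RC2_NOT_RC2CBC;
    if (!der_read(algid.val + used, algid.len - used, &params) ||
        params.tag != 0x30) return RC2_MALFORMED;
    used = der_read(params.val, params.len, &ver);
    if (!used || ver.tag != 0x02) return RC2_MALFORMED;
    if (used == params.len) return RC2_IV_MISSING;   /* nothing after version */
    if (!der_read(params.val + used, params.len - used, &iv) || iv.tag != 0x04)
        return RC2_MALFORMED;
    return iv.len == 8 ? RC2_OK : RC2_IV_BAD_LEN;
}

/* Offsets 353..369 of the listing: SEQUENCE(15){ OID rc2-cbc,
 * SEQUENCE(3){ INTEGER 0x3A } }. 0x3A = 58 selects 128 effective key bits. */
static const uint8_t ALGID_FROM_LISTING[] = {
    0x30,0x0f, 0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x02,
    0x30,0x03, 0x02,0x01,0x3a };

/* Constructed counterpart with the 8-octet iv present (IV bytes invented). */
static const uint8_t ALGID_WITH_IV[] = {
    0x30,0x19, 0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x02,
    0x30,0x0d, 0x02,0x01,0x3a,
    0x04,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };

int main(void)
{
    printf("listing bytes: %d (3 = iv missing)\n",
           check_rc2_algid(ALGID_FROM_LISTING, sizeof ALGID_FROM_LISTING));
    printf("with iv:       %d (0 = ok)\n",
           check_rc2_algid(ALGID_WITH_IV, sizeof ALGID_WITH_IV));
    return 0;
}
```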


Re: Re(2): Decryption Problem

2005-03-05 Thread Dr. Stephen Henson
On Fri, Mar 04, 2005, Peter Cope wrote:

 Steve, sorry forget to include the asn1parse output ...
  
 I've X'd out sensitive stuff:
  
 0:d=0  hl=4 l=57226 cons: SEQUENCE  
 4:d=1  hl=2 l=   9 prim: OBJECT:pkcs7-envelopedData
15:d=1  hl=4 l=57211 cons: cont [ 0 ]
19:d=2  hl=4 l=57207 cons: SEQUENCE  
23:d=3  hl=2 l=   1 prim: INTEGER   :00
26:d=3  hl=4 l= 308 cons: SET   
30:d=4  hl=4 l= 304 cons: SEQUENCE  
34:d=5  hl=2 l=   1 prim: INTEGER   :00
37:d=5  hl=3 l= 152 cons: SEQUENCE  
40:d=6  hl=3 l= 146 cons: SEQUENCE  
43:d=7  hl=2 l=  11 cons: SET   
45:d=8  hl=2 l=   9 cons: SEQUENCE  
47:d=9  hl=2 l=   3 prim: OBJECT:countryName
52:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :GB
56:d=7  hl=2 l=  19 cons: SET   
58:d=8  hl=2 l=  17 cons: SEQUENCE  
60:d=9  hl=2 l=   3 prim: OBJECT:stateOrProvinceName
65:d=9  hl=2 l=  10 prim: PRINTABLESTRING   :XX
77:d=7  hl=2 l=  15 cons: SET   
79:d=8  hl=2 l=  13 cons: SEQUENCE  
81:d=9  hl=2 l=   3 prim: OBJECT:localityName
86:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :XX
94:d=7  hl=2 l=  12 cons: SET   
96:d=8  hl=2 l=  10 cons: SEQUENCE  
98:d=9  hl=2 l=   3 prim: OBJECT:organizationName
   103:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :XXX
   108:d=7  hl=2 l=  12 cons: SET   
   110:d=8  hl=2 l=  10 cons: SEQUENCE  
   112:d=9  hl=2 l=   3 prim: OBJECT:organizationalUnitName
   117:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :xxx
   122:d=7  hl=2 l=  21 cons: SET   
   124:d=8  hl=2 l=  19 cons: SEQUENCE  
   126:d=9  hl=2 l=   3 prim: OBJECT:commonName
   131:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :
   145:d=7  hl=2 l=  42 cons: SET   
   147:d=8  hl=2 l=  40 cons: SEQUENCE  
   149:d=9  hl=2 l=   9 prim: OBJECT:emailAddress
   160:d=9  hl=2 l=  27 prim: IA5STRING :[EMAIL PROTECTED]
   189:d=6  hl=2 l=   1 prim: INTEGER   :1C
   192:d=5  hl=2 l=  13 cons: SEQUENCE  
   194:d=6  hl=2 l=   9 prim: OBJECT:rsaEncryption
   205:d=6  hl=2 l=   0 prim: NULL  
   207:d=5  hl=3 l= 128 prim: OCTET STRING  
   338:d=3  hl=4 l=56888 cons: SEQUENCE  
   342:d=4  hl=2 l=   9 prim: OBJECT:pkcs7-data
   353:d=4  hl=2 l=  15 cons: SEQUENCE  
   355:d=5  hl=2 l=   8 prim: OBJECT:rc2-cbc
   365:d=5  hl=2 l=   3 cons: SEQUENCE  
   367:d=6  hl=2 l=   1 prim: INTEGER   :3A
   370:d=4  hl=4 l=56856 prim: cont [ 0 ]
 
 The block beyond 370 is not ASN.1 (which I understand is OK, according to 
 S/MIME).
  

OK, what does:

openssl pkcs7 -inform DER -in file.der

do? Do you get an error or just the PEM output? Also what version of OpenSSL
are you using?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Decryption Problem

2005-03-04 Thread Peter Cope

Firstly I've searched the FAQ's and Google'd and not found an answer. I'll describe the scenario and hope someone can shed some light!

Machine-1: Generates keys/certs (Self Cert CA). This is a UNIX (well AIX) box, and runs openssl (latest release). Keys/Certs are distributed to a number of PC's as P12's. (since they use outlook) and also to a external client.

Using this public key Machine-2 (Outlook) can sign+encrypt and send to Machine-1 which can decrypt and verify. So OK.
Using this public key our client (using Chilkatsoft ... not familiar with this) and send to Machine-2 which can decrypt and verify. So OK. and also sends to Machine-1 which can't decrypt it. Complains about ASN.1 header length being incorrect. So here is my problem.

Examination of the ASN.1 (by hand as well as asn1parse) shows that pkcs7-data part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in size (this isn't itself structured .. unlike the des3-ede3-cbc produced by default by openssl). I've tried detaching this data to see if anything can make sense of it, but no.

Anyone got any ideas, I'm assuming I'm missing a point somewhere!

Peter Cope


Re: Decryption Problem

2005-03-04 Thread Dr. Stephen Henson
On Fri, Mar 04, 2005, Peter Cope wrote:

 Firstly I've searched the FAQ's and Google'd and not found an answer.  I'll 
 describe the scenario and hope someone can shed some light!
  
 Machine-1: Generates keys/certs (Self Cert CA).  This is a UNIX (well AIX) 
 box, and runs openssl (latest release).  Keys/Certs are distributed to a 
 number of PC's as P12's. (since they use outlook) and also to a external 
 client.
  
 Using this public key Machine-2 (Outlook) can sign+encrypt and send to 
 Machine-1 which can decrypt and verify. So OK.
 Using this public key our client (using Chilkatsoft ... not familiar with 
 this) and send to Machine-2 which can decrypt and verify. So OK. and also 
 sends to Machine-1 which can't decrypt it.  Complains about ASN.1 header 
 length being incorrect.  So here is my problem.
  
 Examination of the ASN.1 (by hand as well as asn1parse) shows that pkcs7-data 
 part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in 
 size (this isn't itself structured .. unlike the des3-ede3-cbc produced by 
 default by openssl).  I've tried detaching this data to see if anything can 
 make sense of it, but no.
  
 Anyone got any ideas, I'm assuming I'm missing a point somewhere!
  

Hard to say without the file that OpenSSL doesn't like or the output of
asn1parse.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Re(2): Decryption Problem

2005-03-04 Thread Peter Cope
Steve, sorry forget to include the asn1parse output ...

I've X'd out sensitive stuff:

    0:d=0  hl=4 l=57226 cons: SEQUENCE
    4:d=1  hl=2 l=   9 prim: OBJECT            :pkcs7-envelopedData
   15:d=1  hl=4 l=57211 cons: cont [ 0 ]
   19:d=2  hl=4 l=57207 cons: SEQUENCE
   23:d=3  hl=2 l=   1 prim: INTEGER           :00
   26:d=3  hl=4 l= 308 cons: SET
   30:d=4  hl=4 l= 304 cons: SEQUENCE
   34:d=5  hl=2 l=   1 prim: INTEGER           :00
   37:d=5  hl=3 l= 152 cons: SEQUENCE
   40:d=6  hl=3 l= 146 cons: SEQUENCE
   43:d=7  hl=2 l=  11 cons: SET
   45:d=8  hl=2 l=   9 cons: SEQUENCE
   47:d=9  hl=2 l=   3 prim: OBJECT            :countryName
   52:d=9  hl=2 l=   2 prim: PRINTABLESTRING   :GB
   56:d=7  hl=2 l=  19 cons: SET
   58:d=8  hl=2 l=  17 cons: SEQUENCE
   60:d=9  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
   65:d=9  hl=2 l=  10 prim: PRINTABLESTRING   :XX
   77:d=7  hl=2 l=  15 cons: SET
   79:d=8  hl=2 l=  13 cons: SEQUENCE
   81:d=9  hl=2 l=   3 prim: OBJECT            :localityName
   86:d=9  hl=2 l=   6 prim: PRINTABLESTRING   :XX
   94:d=7  hl=2 l=  12 cons: SET
   96:d=8  hl=2 l=  10 cons: SEQUENCE
   98:d=9  hl=2 l=   3 prim: OBJECT            :organizationName
  103:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :XXX
  108:d=7  hl=2 l=  12 cons: SET
  110:d=8  hl=2 l=  10 cons: SEQUENCE
  112:d=9  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  117:d=9  hl=2 l=   3 prim: PRINTABLESTRING   :xxx
  122:d=7  hl=2 l=  21 cons: SET
  124:d=8  hl=2 l=  19 cons: SEQUENCE
  126:d=9  hl=2 l=   3 prim: OBJECT            :commonName
  131:d=9  hl=2 l=  12 prim: PRINTABLESTRING   :
  145:d=7  hl=2 l=  42 cons: SET
  147:d=8  hl=2 l=  40 cons: SEQUENCE
  149:d=9  hl=2 l=   9 prim: OBJECT            :emailAddress
  160:d=9  hl=2 l=  27 prim: IA5STRING         :[EMAIL PROTECTED]
  189:d=6  hl=2 l=   1 prim: INTEGER           :1C
  192:d=5  hl=2 l=  13 cons: SEQUENCE
  194:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  205:d=6  hl=2 l=   0 prim: NULL
  207:d=5  hl=3 l= 128 prim: OCTET STRING
  338:d=3  hl=4 l=56888 cons: SEQUENCE
  342:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  353:d=4  hl=2 l=  15 cons: SEQUENCE
  355:d=5  hl=2 l=   8 prim: OBJECT            :rc2-cbc
  365:d=5  hl=2 l=   3 cons: SEQUENCE
  367:d=6  hl=2 l=   1 prim: INTEGER           :3A
  370:d=4  hl=4 l=56856 prim: cont [ 0 ]

The block beyond 370 is not ASN.1 (which I understand is OK, according to S/MIME).

Peter




"Dr. Stephen Henson" [EMAIL PROTECTED] wrote:
 On Fri, Mar 04, 2005, Peter Cope wrote:

  Firstly I've searched the FAQ's and Google'd and not found an answer. I'll
  describe the scenario and hope someone can shed some light!

  Machine-1: Generates keys/certs (Self Cert CA). This is a UNIX (well AIX)
  box, and runs openssl (latest release). Keys/Certs are distributed to a
  number of PC's as P12's. (since they use outlook) and also to a external
  client.

  Using this public key Machine-2 (Outlook) can sign+encrypt and send to
  Machine-1 which can decrypt and verify. So OK.
  Using this public key our client (using Chilkatsoft ... not familiar with
  this) and send to Machine-2 which can decrypt and verify. So OK. and also
  sends to Machine-1 which can't decrypt it. Complains about ASN.1 header
  length being incorrect. So here is my problem.

  Examination of the ASN.1 (by hand as well as asn1parse) shows that pkcs7-data
  part uses 128-bit rc2-cbc, and is followed by a binary chunk of some 60k in
  size (this isn't itself structured .. unlike the des3-ede3-cbc produced by
  default by openssl). I've tried detaching this data to see if anything can
  make sense of it, but no.

  Anyone got any ideas, I'm assuming I'm missing a point somewhere!

 Hard to say without the file that OpenSSL doesn't like or the output of
 asn1parse.

 Steve.
 --
 Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
 OpenSSL project core developer and freelance consultant.
 Funding needed! Details on homepage.
 Homepage: http://www.drh-consultancy.demon.co.uk

RSA decryption problem

2003-10-29 Thread murari
Hi,

I have implemented a simple TCP client and server processes such that..server
generates the RSA keys and send the public modulus and public exponent to the
client. The client process uses these values to encrypt a user entered string
and sends it back to server. The server then decrypts the string and outputs
the decrypted string. I have used the crypto API in openSSL for generating the
key, encryption and decryption.

But, when the encrypted string is sent to the server, not always the decryption
is successful. Sometimes I get an error
11768:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:rsa_eay.c:481:.
On some further research I found out that I get the error only when the encrypted
string length is less than 128 bytes. When the length of the encrypted string is
128, all is fine. I haven't seen an encrypted string greater than 128 till now


RSA encryption and decryption problem.....

2001-07-27 Thread MARS.LIN

Dear Mr.,

Thanks for your time reading this.

I use the crypto library in openssl-0.9.6b.tar.gz, and configure into
VC-WIN32.
After setting up and compiling, everything works fine with the XXXtest.exe
in out32dll directory.
Then I try to use the file demos\eay\loadrsa.c and it works.

I try to use pub_rsa and priv_rsa as parameter to test RSA_public_encrypt()
and RSA_private_decrypt(), but it always return -1.

I try to encrypt first 64 bytes data and decrypt it, but seem wrong.


Do I use the functions in wrong ways?

May I ask what's the different between RSA_PKCS1_PADDING,
RSA_SSLV23_PADDING, RSA_NO_PADDING, and RSA_PKCS1_OAEP_PADDING padding
method?
If I change the padding in below codes, it will always return -1.

Are there any demo file for using EVP functions?
Or, are there any other convenient method to use various encrypt?

Here are the added code and output, thanks for your kindly help!

Yours,

Mars Lin

=
static unsigned char
msg[]="TEST_DATA_FOR_RSA_1231490sdf0anzjhlkjhasjdfh102931u04u102_TESTING";
unsigned char *to, *from;

BIO *out;
out = BIO_new(BIO_s_file());
if (out == NULL)
    return -1;
BIO_set_fp(out,stdout,BIO_NOCLOSE);

...

p=buf;
pub_rsa=d2i_RSAPublicKey(NULL,p,(long)len);
len-=(p-buf);
priv_rsa=d2i_RSAPrivateKey(NULL,p,(long)len);

if ((pub_rsa == NULL) || (priv_rsa == NULL))
    ERR_print_errors(out);

RSA_print(out, pub_rsa, 0);
RSA_print(out, priv_rsa, 0);

to = OPENSSL_malloc(RSA_size(pub_rsa));
from = msg;
BIO_printf(out, "original:\n%s\n", from);
memset(to,0,strlen(to));
ret = 0;
if (RSA_size(pub_rsa)!=RSA_size(priv_rsa))
    BIO_puts(out, "Different size..\n");
BIO_printf(out, "mod size: %i\n", RSA_size(pub_rsa));
BIO_printf(out, "data length: %i\n", strlen(msg));

ret=RSA_public_encrypt(RSA_size(pub_rsa), from, to, pub_rsa,
                       RSA_NO_PADDING);
if (ret == -1)
{
    ERR_print_errors(out);
}
BIO_printf(out, "%s\n", to);
BIO_printf(out, "ret: %i\n",ret);
ret=RSA_private_decrypt(RSA_size(priv_rsa), to, result, priv_rsa,
                        RSA_NO_PADDING);
if (ret == -1)
{
    ERR_print_errors(out);
}
buf[ret]='\0';
BIO_printf(out, "%s\n", buf);
BIO_printf(out, "ret: %i\n",ret);

RSA_free(pub_rsa);
RSA_free(priv_rsa);

return 0;
=
OUTPUT:
original:
TEST_DATA_FOR_RSA_1231490sdfja;l0901238lkjasdfsdf0anzjhlkjhasjdfh102931u04u1
02_TESTING
mod size: 64
data length: 86
?n?ÇZ?W£ªIȺ_¤Ä;jFR²æ2©æi0}???ÿpTD
ret: 64
0HA
ret: 64
=
