Sounds a little confusing. If there's no easy way to tell at decryption
time which blocks use which padding type then you've got a problem. If you
don't mind potentially having an extra block, perhaps you should use
PKCS1_PADDING for all blocks (ie. encrypt the first "key size - 11 bytes",
then the next, ...). At least this way you know that you always use
PKCS1_PADDING.
Also, you can't just blindly encrypt a block of data that is the same size
as the key. The data must be less than the modulus, not just in size but in
value. For example you cannot encrypt a block when the highest significant
byte of your modulus is 0x53 and the highest significant byte of your data
is 0x54. For this reason, it's always wise to use padding, as well as for
the increased security. If you really must use no padding, then grabbing
the number of bytes equal to the keylength is not good enough, you will have
to then compare the BIGNUM values and drop a byte of data if it's bigger
than the modulus.
Just use padding.
> -----Original Message-----
> From: Fedor Utenkov [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, November 16, 2000 7:02 PM
> To: [EMAIL PROTECTED]
> Subject: RSA encryption. How to use xxx_PADDING.
>
> Hello all,
>
> I'm new to encryption. I'm using an OpenSSL 0.9.6 to encrypt data
> using RSA. The data length is about 4 times longer against
> RSA_size() of my key. To encrypt all data I split it to blocks with
> length equal to key size and encrypt one by one w/o PADDING. The
> last block, if its length less than key size should be encrypted
> with XXX_PADDING. But, for example, PKCS1_PADDING needs to have at
> least 11 bytes difference between data and key lengths. So if for
> the last data block length difference less than 11 bytes, I must
> split this block again to have 2 blocks with difference greater 11
> to encrypt all data. Finally on the decryption step I don't know if
> there are 2 or 1 PADDED blocks at the end of data. Currently I
> decrypt data till the two blocks remaining. Then try decrypt block
> before last with PADDING and if error occurs (possible block was
> encrypted without PADDING) try to decrypt it w/o PADDING (typically
> decrypts ok). The same situation with the last block.
>
> So I have a question. Is my schema write or it is another more clear
> way to use RSA cipher with OpenSSL library ?
>
> Best regards,
> Fedor Utenkov
> ABG Card Technology
> mailto:[EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]