Hi Matt,
I checked openssl source code. It seems that PKCS#1 is default padding mode.
For encrypting user data such as user's password, could I use PKCS#1 or OAEP padding mode?
Thanks,
Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Matt Caswell <matt@xxxxxxxxxxx>
Sent: Thursday, March 23, 2017 6:05:43 PM
To: openssl-users@xxxxxxxxxxx
Subject: Re: One question about RSA decrypt with private key
Sent: Thursday, March 23, 2017 6:05:43 PM
To: openssl-users@xxxxxxxxxxx
Subject: Re: One question about RSA decrypt with private key
On 23/03/17 05:29, Yu Wei wrote:
> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)", it worked well.
>
>
> However, I still quite understand the usage of "RSA_NO_PADDING".
>
>
> Who could kindly explain this?
>
RSA_NO_PADDING gives you "raw" RSA encryption. From the manual:
RSA_NO_PADDING
Raw RSA encryption. This mode should only be used to implement
cryptographically sound padding modes in the application code.
Encrypting user data directly with RSA is insecure.
https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_encrypt.html
Basically, unless you are implementing a new RSA padding mode, or really
know what you are doing, don't use it.
Matt
> Thanks,
>
> Jared, (韦煜)
> Software developer
> Interested in open source software, big data, Linux
>
> ------------------------------------------------------------------------
> *From:* openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of
> Yu Wei <yu2003w@xxxxxxxxxxx>
> *Sent:* Thursday, March 23, 2017 1:20:42 AM
> *To:* openssl-users@xxxxxxxxxxx
> *Subject:* One question about RSA decrypt with private key
>
>
> Hi guys,
>
>
> I generated RSA private key and public key as below,
>
> openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
>
> openssl rsa -pubout -in pri.key -out pub.key
>
>
> And encrypted text file as below,
>
> openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt
>
>
> Then I wrote below program to decrypt the encryted file. However, it
> seemed that decrypt didn't work as expected.
>
>
> #include <openssl/evp.h>
> #include <openssl/rsa.h>
> #include <openssl/pem.h>
> #include <openssl/err.h>
> #include <openssl/conf.h>
> #include <iostream>
>
> using namespace std;
>
> void
> cleanup()
> {
> EVP_cleanup();
> CRYPTO_cleanup_all_ex_data();
> ERR_free_strings();
> }
>
> int
> main(int argc, char** argv)
> {
> ERR_load_crypto_strings();
> OpenSSL_add_all_algorithms();
> OPENSSL_config(nullptr);
>
> cout<<"Initialize crypto library done"<<endl;
>
> EVP_PKEY * key = EVP_PKEY_new();
> if (key == nullptr) {
> cout<<"Failed to contruct new key"<<endl;
> return 1;
> }
> FILE * fpri = nullptr;
> fpri = fopen("/home/stack/pri.key", "r");
> if (fpri == nullptr) {
> cout<<"Failed to load private key"<<endl;
> return 1;
> }
> key = PEM_read_PrivateKey(fpri, &key, nullptr, nullptr);
> if (key == nullptr) {
> std::cout<<"Read private key failed"<<endl;
> return 1;
> }
> cout<<"load private key successfully"<<endl;
> EVP_PKEY_CTX *ctx = nullptr;
> ctx = EVP_PKEY_CTX_new(key, nullptr);
> EVP_PKEY_decrypt_init(ctx);
> EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING);
>
> size_t outlen = 0, inlen = 0;
> unsigned char * out = nullptr, * in = nullptr;
>
> char buf[1024];
> FILE * fe = nullptr;
> fe = fopen("/home/stack/1e.txt", "r");
> size_t len = fread(buf, 1, sizeof(buf), fe);
> cout<<"data input length is "<<len<<endl;
> EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen);
> cout<<"outlen is "<<outlen<<endl;
>
> out = (unsigned char*)OPENSSL_malloc(outlen);
> EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen);
> cout<<"decrypted data "<<out<<endl;
> cleanup();
>
> return 0;
>
> }
>
>
> When executing the code, the result is as below,
>
> [stack@agent ~]$ ./test
> Initialize crypto library done
> load private key successfully
> data input length is 256
> outlen is 256
> decrypted data
>
>
> Is there anything missed?
>
>
> Thanks,
>
> Jared, (韦煜)
> Software developer
> Interested in open source software, big data, Linux
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users