Emmanuel, Would you mind explaining why you choose to continue encrypting the AES key, which - admittedly - is an unnecessary overkill? Is it merely to preserve the established process itself? On 5/26/20, 04:26, "openssl-users on behalf of Emmanuel Deloget" <openssl-users-bounces@xxxxxxxxxxx on behalf of logout@xxxxxxx> wrote: Hello Richard and everybody, First, thanks all for your valuable responses ; be sure that I heard you and I fully understand your remarks (for the record, I do generate a signature on the binary using yet another key pair and I fully get that encrypting the AES key in my case is a bit overkill given the fact that it does not provide any added security). On Mon, May 25, 2020 at 6:14 PM Richard Levitte <levitte@xxxxxxxxxxx> wrote: > > On Mon, 25 May 2020 13:20:28 +0200, > Emmanuel Deloget wrote: > > In my development I'm using a idiom that's not as widely used as I > > thought (as I get it after multiple days of searching out there). In > > order to securely distribute a binary, I encrypt it using an AES key > > and the AES key itself is encrypted using a /private/ RSA key I own. > > That's a perfectly viable thing to do, and is usually called "signing", > and what you're signing here is the AES key. > > > Only owners of the /public/ key (which, as it is a publilc key, may > > leak) can decrypt the AES key, and therefore the binary. > > Which is usually called "verifying the signature". > > This looks like object signing to me. It definitely looks like this, yes. > > Of course, in order to do this I rely on RSA_private_encrypt() and > > RSA_public_decrypt() because EVP_PKEY_encrypt() / EVP_PKEY_decrypt() > > cannot be used(*). > > EVP_PKEY_encrypt() and EVP_PKEY_decrypt() are the wrong functions to > use. However, there are EVP_PKEY_sign() and EVP_PKEY_verify_recover() > (if I read you correctly, that's the function you need, rather than a > mere EVP_PKEY_verify()). > > > So, after that long introduction, here is my question : is there any > > OpenSSL 3.0 sanctionned, EVP_PKEY-based way to crypt using a private > > key and decrypt using a public key? > > Yes, see above. Those functions have been around for a while, I think > you can start playing with them in any current OpenSSL version. The _recover() function was the missing piece in my understanding of the library. I'll check that as soon as possible. Thanks a lot ! BTW, maybe this information should be made more easily available (on the man page for RSA_private_encrypt()/RSA_public_decrypt() maybe ?) > Cheers, > Richard > > -- > Richard Levitte levitte@xxxxxxxxxxx > OpenSSL Project http://www.openssl.org/~levitte/ Best regards, -- Emmanuel Deloget
Attachment:
smime.p7s
Description: S/MIME cryptographic signature