Naming of methods in RSA_METHOD

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Tue Feb 11 10:56:31 UTC 2020


Operations that a private key can do are decrypt and sign. Similarly,
operations that a public key can do are encrypt and verify.

The legacy priv_enc(raw) just refers to raw signing, and is almost the same as
sign (with proper padding mechanisms).

It is just a misnomer, as data encrypted with a private key can be
decrypted by everyone with the corresponding public key. It is actually a
sign operation that lets everyone verify the signature.

Thanks,
Thulasi.


On Sat, 8 Feb, 2020, 08:17 Rafael Ferrer, <eureka6676 at gmail.com> wrote:

> I implemented some custom engines and RSA_meth_set_priv_enc seems to map
> to other libraries' RSA decrypt operation (NCryptDecrypt on Windows
> CNG, Cipher class with Cipher.DECRYPT_MODE on Android). They can do a
> TLS connection just fine with a self-signed cert.
>
>
> I looked at another custom engine and they seem to also use RSA decrypt for
> RSA_meth_set_priv_enc:
>
>
> https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss-engine-rsa.c#L163
>
> BoringSSL's (deprecated) rsa_meth_st only has a sign and a decrypt,
> having no encrypt operation:
>
>
> https://commondatastorage.googleapis.com/chromium-boringssl-docs/rsa.h.html#rsa_meth_st
>
>
> Is this just a naming quirk? I want to put down the nagging feeling I
> have a bug somewhere.
>
>
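
Added example, not part of either message and not OpenSSL or engine code: a pure-Python model of the point discussed in this thread, showing that priv_enc with PKCS#1 v1.5 type 1 padding is the raw private-key exponentiation (the same computation an unpadded decrypt performs) and that anyone holding the public key can recover the input. The key, the sample data and all function names are constructed for illustration; the assumption is a backend that exposes the unpadded private-key operation.

```python
# Constructed demo key: two Mersenne primes so the values are reproducible.
# Far too small for real use; it only has to hold a padded 16-byte input.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes
DATA = b"constructed-hash"             # stands in for a digest to be signed


def _modexp(block: bytes, exponent: int) -> bytes:
    x = int.from_bytes(block, "big")
    if x >= N:
        raise ValueError("input not smaller than modulus")
    return pow(x, exponent, N).to_bytes(K, "big")


def raw_private_op(block: bytes) -> bytes:
    """x^d mod n: what an unpadded 'decrypt' on a key store computes (assumed)."""
    return _modexp(block, D)


def raw_public_op(block: bytes) -> bytes:
    """x^e mod n: needs only the public key (N, E)."""
    return _modexp(block, E)


def pad_type1(data: bytes) -> bytes:
    """PKCS#1 v1.5 block type 1 (signature padding): 00 01 FF..FF 00 data."""
    if len(data) > K - 11:
        raise ValueError("data too long for modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data


def unpad_type1(block: bytes) -> bytes:
    sep = block.find(b"\x00", 2)       # first zero after the 00 01 header
    if block[:2] != b"\x00\x01" or sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad type 1 padding")
    return block[sep + 1:]


def priv_enc(data: bytes) -> bytes:
    """Hypothetical model of a priv_enc callback: pad, then private-key op."""
    return raw_private_op(pad_type1(data))


def pub_dec(sig: bytes) -> bytes:
    """Hypothetical model of pub_dec: public-key op, then strip the padding."""
    return unpad_type1(raw_public_op(sig))
```

Because pub_dec needs only (N, E), the output of priv_enc gives no confidentiality; it behaves as a signature with message recovery.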