[openssl-dev] Bitlocker

Dirk-Willem van Gulik dirkx at webweaving.org
Tue Mar 24 11:07:26 UTC 2015


> On 24 Mar 2015, at 10:07, Leon Brits <leonb at parsec.co.za> wrote:
> 
> Hi all,
>  
> I have a PC which acts like a USB smartcard on which I have OpenSSLv1.0.1e to simulate the smartcard's crypto operations.
> I use it to sign/verify/encrypt/decrypt etc. and had no problem using Windows to log in and sign/verify emails for instance. Recently I tried bitlocker and got the following error:
>  
> Function call 'EVP_PKEY_decrypt()' failed! (error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02).
>  
> The part in brackets was returned by OpenSSL.
>  
> Can anybody shed some light on what I could possibly be doing wrong with regard to the padding? I do implement PKCS1 and PSS. I’ve written our CSP/KSP for this PC and as I said it works fine with other Windows applications.
>  
Not sure if this helps you - but I’ve seen the same issue with Windows SOAP requests which were signed with help from the TPM chip; and in that case it truly turned out that the padding was non-standard (type 09).

HOWEVER - the error message has often misled me - as it is *also* triggered by the length being wrong (flen != num-1 (for the type 02 prefix)). So garbled length data can also trigger it (the note in the source that the flen is only used in no-padding mode may be a bit confusing/misleading).


Dw.
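
The two causes named in the reply above (a block type other than 02, and flen != num-1) reported as separate diagnostics instead of one shared error. This is an added example, not part of the original message and not OpenSSL's source; the function names, the toy 16-byte modulus size and the sample blocks are constructed assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Distinct reasons a decrypted block can fail a PKCS#1 v1.5 type 02 check. */
enum pad_diag { PAD_OK, PAD_BAD_LENGTH, PAD_BAD_BLOCK_TYPE, PAD_NO_SEPARATOR, PAD_SHORT_PS };

/* Constructed sample blocks for a toy 16-byte modulus (leading 0x00 already stripped). */
#define NUM 16
static const unsigned char good[NUM - 1]  = { 0x02, 0xA1,0xB2,0xC3,0xD4,0xE5,0xF6,0x17,0x28,
                                              0x00, 'h','e','l','l','o' };
static const unsigned char type9[NUM - 1] = { 0x09, 0xA1,0xB2,0xC3,0xD4,0xE5,0xF6,0x17,0x28,
                                              0x00, 'h','e','l','l','o' };

/* Combined test as the reply describes it: either condition gives "block type is not 02". */
int combined_check_fails(const unsigned char *from, size_t flen, size_t num)
{
    return flen == 0 || flen + 1 != num || from[0] != 0x02;
}

/* Debug aid for your own device output; not constant-time, keep it out of the decrypt path. */
enum pad_diag diagnose_type2(const unsigned char *from, size_t flen, size_t num)
{
    size_t i;

    if (flen == 0 || flen + 1 != num)   /* length is wrong: block type never examined */
        return PAD_BAD_LENGTH;
    if (from[0] != 0x02)
        return PAD_BAD_BLOCK_TYPE;      /* e.g. the type 09 case mentioned above */
    for (i = 1; i < flen && from[i] != 0x00; i++)
        ;                               /* skip the non-zero padding string PS */
    if (i == flen)
        return PAD_NO_SEPARATOR;        /* no 0x00 between PS and the message */
    if (i - 1 < 8)
        return PAD_SHORT_PS;            /* PKCS#1 requires at least 8 padding bytes */
    return PAD_OK;
}

int main(void)
{
    /* One generic failure for two different root causes... */
    printf("combined: truncated=%d type9=%d good=%d\n",
           combined_check_fails(good, sizeof good - 1, NUM),
           combined_check_fails(type9, sizeof type9, NUM),
           combined_check_fails(good, sizeof good, NUM));
    /* ...which the diagnostic separates. */
    printf("diagnosed: truncated=%d type9=%d good=%d\n",
           (int)diagnose_type2(good, sizeof good - 1, NUM),
           (int)diagnose_type2(type9, sizeof type9, NUM),
           (int)diagnose_type2(good, sizeof good, NUM));
    return 0;
}
```

Feeding the raw decrypted block from the device through a check like this shows whether the transport mangled the length or the padding itself is wrong.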