[openssl-users] Using RSA_PKCS1_OAEP_PADDING with high level EVP_Seal functions

Norm Green norm.green at gemtalksystems.com
Fri Sep 9 14:43:29 UTC 2016


I agree with Daniel's sentiment and respectfully suggest EPV_Seal* and 
EVP_Open be updated and kept up to date.

We all know how easy it is to get crypto wrong.  Having "one stop shop" 
functions like these are invaluable for when it comes to getting crypto 

Norm Green

On 9/9/2016 3:55 AM, Daniel Knoppel wrote:
> Thanks for the reply! Unfortunately I'm not sure I understand what
> you're saying.
> If EVP_Seal* is an old function, is there a new function with which we
> can accomplish the same functionality?
> What I mean is that the EVP_PKEY_encrypt() looks functionally the same
> as RSA_public_encrypt() (just encrypting using a public key), so it
> doesn't help with encrypting bulk data like the EVP_Seal*() functions.
> For instance, with EVP_PKEY_encrypt users still have to deal with
> symmetric key and iv generation, something that EVP_Seal*() does for you
> (i.e. so you can't get it wrong).
> The official documentation[1] even hints that you should be using
> EVP_Seal*():
> "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt
> respectively. However, note that these functions perform encryption and
> decryption only. As public key encryption is an expensive operation,
> normally you would wrap an encrypted message in a "digital envelope"
> using the EVP_SealInit and EVP_OpenInit functions."
> Best regards,
> Daniel
> [1] https://www.openssl.org/docs/manmaster/crypto/evp.html
> On 8-9-2016 21:18, Dr. Stephen Henson wrote:
>> On Wed, Sep 07, 2016, Daniel Knoppel wrote:
>>> Dear all,
>>> I was wondering about two things:
>>> 1. Can the EVP_Seal*() functions be told to use RSA_PKCS1_OAEP_PADDING,
>>> or do I need to stick with the lower level RSA_public_encrypt()?
>>> >From the source code it seems to me that RSA_PKCS1_PADDING is hardcoded
>>> because EVP_SealInit() [1] calls EVP_PKEY_encrypt_old() [2], which in
>>> turn has the line with hardcoded padding:
>>> ret = RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
>> EVP_Seal*() is an old function hard coded to use RSA_PKCS1_PADDING as you've
>> observed.
>> You don't need to use the low level RSA_public_encrypt() function for
>> OAEP. Instead use the EVP_PKEY APIs EVP_PKEY_encrypt() and EVP_PKEY_decrypt()
>> with the padding mode modified and appropriate parameters set.
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list