[openssl-users] One question about RSA decrypt with private key

Yu Wei yu2003w at hotmail.com
Thu Mar 23 10:12:46 UTC 2017


Hi Matt,


I checked openssl source code. It seems that PKCS#1 is default padding mode.

For encrypting user data such as user's password, could I use PKCS#1 or OAEP padding mode?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux

________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Matt Caswell <matt at openssl.org>
Sent: Thursday, March 23, 2017 6:05:43 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] One question about RSA decrypt with private key



On 23/03/17 05:29, Yu Wei wrote:
> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)",  it worked well.
>
>
> However, I still quite understand the usage of "RSA_NO_PADDING".
>
>
> Who could kindly explain this?
>

RSA_NO_PADDING gives you "raw" RSA encryption. From the manual:

    RSA_NO_PADDING
    Raw RSA encryption. This mode should only be used to implement
    cryptographically sound padding modes in the application code.
    Encrypting user data directly with RSA is insecure.

https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_encrypt.html

Basically, unless you are implementing a new RSA padding mode, or really
know what you are doing, don't use it.

Matt


> Thanks,
>
> Jared, (韦煜)
> Software developer
> Interested in open source software, big data, Linux
>
> ------------------------------------------------------------------------
> *From:* openssl-users <openssl-users-bounces at openssl.org> on behalf of
> Yu Wei <yu2003w at hotmail.com>
> *Sent:* Thursday, March 23, 2017 1:20:42 AM
> *To:* openssl-users at openssl.org
> *Subject:* [openssl-users] One question about RSA decrypt with private key
>
>
> Hi guys,
>
>
> I generated RSA private key and public key as below,
>
> openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
>
> openssl rsa -pubout -in pri.key -out pub.key
>
>
> And encrypted text file as below,
>
> openssl pkeyutl -encrypt -pubin -inkey ~/pub.key -in ~/1.txt -out ~/1e.txt
>
>
> Then I wrote below program to decrypt the encryted file. However, it
> seemed that decrypt didn't work as  expected.
>
>
> #include <openssl/evp.h>
> #include <openssl/rsa.h>
> #include <openssl/pem.h>
> #include <openssl/err.h>
> #include <openssl/conf.h>
> #include <iostream>
>
> using namespace std;
>
> void
> cleanup()
> {
>     EVP_cleanup();
>     CRYPTO_cleanup_all_ex_data();
>     ERR_free_strings();
> }
>
> int
> main(int argc, char** argv)
> {
>     ERR_load_crypto_strings();
>     OpenSSL_add_all_algorithms();
>     OPENSSL_config(nullptr);
>
>     cout<<"Initialize crypto library done"<<endl;
>
>     EVP_PKEY * key = EVP_PKEY_new();
>     if (key == nullptr) {
>         cout<<"Failed to contruct new key"<<endl;
>         return 1;
>     }
>     FILE * fpri = nullptr;
>     fpri = fopen("/home/stack/pri.key", "r");
>     if (fpri == nullptr) {
>         cout<<"Failed to load private key"<<endl;
>         return 1;
>     }
>     key = PEM_read_PrivateKey(fpri, &key, nullptr, nullptr);
>     if (key == nullptr) {
>         std::cout<<"Read private key failed"<<endl;
>         return 1;
>     }
> cout<<"load private key successfully"<<endl;
>     EVP_PKEY_CTX *ctx = nullptr;
>     ctx = EVP_PKEY_CTX_new(key, nullptr);
>     EVP_PKEY_decrypt_init(ctx);
>     EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING);
>
>     size_t outlen = 0, inlen = 0;
>     unsigned char * out = nullptr, * in = nullptr;
>
>     char buf[1024];
>     FILE * fe = nullptr;
>     fe = fopen("/home/stack/1e.txt", "r");
>     size_t len = fread(buf, 1, sizeof(buf),  fe);
>     cout<<"data input length is "<<len<<endl;
>     EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen);
>     cout<<"outlen is "<<outlen<<endl;
>
>     out = (unsigned char*)OPENSSL_malloc(outlen);
>     EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen);
>     cout<<"decrypted data "<<out<<endl;
>     cleanup();
>
>     return 0;
>
> }
>
>
> When executing the code, the result is as below,
>
> [stack at agent ~]$ ./test
> Initialize crypto library done
> load private key successfully
> data input length is 256
> outlen is 256
> decrypted data
>
>
> Is there anything missed?
>
>
> Thanks,
>
> Jared, (韦煜)
> Software developer
> Interested in open source software, big data, Linux
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170323/ddee1d03/attachment-0001.html>


More information about the openssl-users mailing list