<Replacement for RSA_public_decrypt>

Narayana, Sunil Kumar sanarayana at rbbn.com
Fri Jan 29 11:29:25 UTC 2021 

Hi Thulasi,

Currently in (1.0.1) we are following the following sequence, which now need to replace with EVP.

Current sequence

//to create RSA pubkey
rsa = PEM_read_bio_RSA_PUBKEY(keybio, NULL, NULL, NULL);  // !!!

//to decrypt using RSA utility
RSA_public_decrypt(len, (unsigned char*)buffer,decrypted,rsa, RSA_PKCS1_PADDING) ;

As you mentioned , if we use PEM_read_bio_PUBKEY to get EVP_PKEY, it will be a pubkey right ? but in order to decrypt as per the example in https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt_init.html
We need to use an RSA private key

Please suggest.

Regards,
Sunil
From: Thulasi Goriparthi <thulasi.goriparthi at gmail.com>
Sent: 29 January 2021 13:07
To: Narayana, Sunil Kumar <sanarayana at rbbn.com>
Cc: openssl-users at openssl.org
Subject: Re: <Replacement for RSA_public_decrypt>

________________________________
NOTICE: This email was received from an EXTERNAL sender
________________________________

Hope, you are referring to https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_encrypt.html<https://protect-us.mimecast.com/s/C67CC73AG3hQlMmXs8mmvp?domain=openssl.org>

Use PEM_read_bio_PUBKEY to get EVP_PKEY.
eng is for engine reference. If you have no engine, it can be NULL.

Thanks,
Thulasi.

On Fri, 29 Jan 2021 at 10:13, Narayana, Sunil Kumar <sanarayana at rbbn.com<mailto:sanarayana at rbbn.com>> wrote:
Dear Openssl team,

                While migrating from 1.0.2 to 3.0 we observe that RSA_public_decrypt() API been deprecated in 3.0.
We referred the example provided in man page but we are not clear in generating the initial ‘key’ required to create CTX.
Please suggest on (key , eng) params to proceed

Also currently we are using PEM_read_bio_RSA_PUBKEY() to generate RSA, I think this might not require in case of EVP, please suggest.

/*
  * NB: assumes key, eng, in, inlen are already set up
  * and that key is an RSA private key
  */
ctx = EVP_PKEY_CTX_new(key, eng);


Regards,
Sunil



Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210129/2086d642/attachment.html>

More information about the openssl-users mailing list