<Replacement for RSA_public_decrypt>
Thulasi Goriparthi
thulasi.goriparthi at gmail.com
Fri Jan 29 11:54:06 UTC 2021
Isn't it obvious to use PEM_read_PrivateKey() or variants to load the
private key as EVP_PKEY
and use EVP_PKEY_decrypt* as specified in
https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_decrypt.html ?
Thanks,
Thulasi.
On Fri, 29 Jan 2021 at 16:59, Narayana, Sunil Kumar <sanarayana at rbbn.com>
wrote:
> Hi Thulasi,
>
>
>
> Currently in (1.0.1) we are following the following sequence, which now
> need to replace with EVP.
>
>
>
> *Current sequence*
>
>
>
> //to create RSA pubkey
>
> rsa = PEM_read_bio_RSA_PUBKEY(keybio, NULL, NULL, NULL); // !!!
>
>
>
> //to decrypt using RSA utility
>
> RSA_public_decrypt(len, (unsigned char*)buffer,decrypted,rsa,
> RSA_PKCS1_PADDING) ;
>
>
>
> As you mentioned , if we use PEM_read_bio_PUBKEY to get EVP_PKEY, it will
> be a pubkey right ? but in order to decrypt as per the example in
> https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_decrypt_init.html
>
> We need to use an RSA private key
>
>
>
> Please suggest.
>
>
>
> Regards,
>
> Sunil
>
> *From:* Thulasi Goriparthi <thulasi.goriparthi at gmail.com>
> *Sent:* 29 January 2021 13:07
> *To:* Narayana, Sunil Kumar <sanarayana at rbbn.com>
> *Cc:* openssl-users at openssl.org
> *Subject:* Re: <Replacement for RSA_public_decrypt>
>
>
> ------------------------------
>
> NOTICE: This email was received from an EXTERNAL sender
> ------------------------------
>
>
>
> Hope, you are referring to
> https://www.openssl.org/docs/man1.0.2/man3/EVP_PKEY_encrypt.html
> <https://protect-us.mimecast.com/s/C67CC73AG3hQlMmXs8mmvp?domain=openssl.org>
>
>
>
> Use PEM_read_bio_PUBKEY to get EVP_PKEY.
>
> eng is for engine reference. If you have no engine, it can be NULL.
>
>
>
> Thanks,
>
> Thulasi.
>
>
>
> On Fri, 29 Jan 2021 at 10:13, Narayana, Sunil Kumar <sanarayana at rbbn.com>
> wrote:
>
> Dear Openssl team,
>
>
>
> While migrating from 1.0.2 to 3.0 we observe that
> RSA_public_decrypt() API been deprecated in 3.0.
>
> We referred the example provided in man page but we are not clear in
> generating the initial ‘key’ required to create CTX.
>
> Please suggest on (key , eng) params to proceed
>
>
>
> Also currently we are using PEM_read_bio_RSA_PUBKEY() to generate RSA, I
> think this might not require in case of EVP, please suggest.
>
>
>
> /*
>
> * NB: assumes key, eng, in, inlen are already set up
>
> * and that key is an RSA private key
>
> */
>
> ctx = EVP_PKEY_CTX_new(key, eng);
>
>
>
>
>
> Regards,
>
> Sunil
>
>
>
>
>
>
> Notice: This e-mail together with any attachments may contain information
> of Ribbon Communications Inc. and its Affiliates that is confidential
> and/or proprietary for the sole use of the intended recipient. Any review,
> disclosure, reliance or distribution by others or forwarding without
> express permission is strictly prohibited. If you are not the intended
> recipient, please notify the sender immediately and then delete all copies,
> including any attachments.
>
>
> Notice: This e-mail together with any attachments may contain information
> of Ribbon Communications Inc. and its Affiliates that is confidential
> and/or proprietary for the sole use of the intended recipient. Any review,
> disclosure, reliance or distribution by others or forwarding without
> express permission is strictly prohibited. If you are not the intended
> recipient, please notify the sender immediately and then delete all copies,
> including any attachments.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210129/c6c032ed/attachment-0001.html>
More information about the openssl-users
mailing list