Steve: Thanks for the update. Your tip was enough for me to get things working. I suppose there is a common sense answer to why encryption functions were being used to implement signing in the first place? Sincerely, Eric Gilbertson [EMAIL PROTECTED] -----Original Message----- From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 21, 2000 5:31 PM To: [EMAIL PROTECTED] Subject: Re: what is the purpose of the encrypt/decrypt functions in the key e xchange? Eric Gilbertson wrote: > > Hello Again: > > Can anyone tell me what the purpose of the RSA_public_decrypt()/ > RSA_private_encrypt() pair calls that are used in the SSL3 key > change protocol is? Since they are operating on digested data > it appears that they are used to implement signing? If that is the > case why not do this directly using sign and verify calls? > Also, is it correct that this operation is being performed using the > actual SSL cert key pair and not the ephemeral key that is subsequently > exchanged? Assuming I've got this all straight then it appears to > be impossible to implement this algorithm using PKCS11 devices since > they do not allow "reverse" operations on public keys. > OpenSSL 0.9.5 does call RSA_sign() or RSA_verify() instead of RSA_public_decrypt() and RSA_private_encrypt() and there are also callbacks in RSA_METHOD especially for this. BTW PKCS#11 can do the same as RSA_public_decrypt() with C_VerifyRecover(). Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
