Re: RSA_private_encrypt

Sun, 17 Sep 2000 17:55:16 -0700 

To change a RSA private key, you should manually change 
the rsa->d,
 and clear (free and set to NULL) the rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
and rsa->iqmp, because they are also generated in the RSA_generate_key() ,
and if they are generated, the computation will use them, not use the 'd' directly.
It is a faster computation.
To gain a private key you want, the nicer practise is set the e as you want.

----- Original Message ----- 
From: Dr S N Henson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 16, 2000 4:15 AM
Subject: Re: RSA_private_encrypt


> "montinip@libero." wrote:
> > 
> > Hi everybody,
> > I have a problem: I am developing a project in which I need to use
> > 'special' RSA private keys.
> > I use RSA_generate_key() to generate the key pair and the I use BN_copy
> > to modify manually tha value of rsa->d.
> > If I check with RSA_check_key the test fails as it was supposed to do
> > and also I am sure that the value has been changed when I use RSA_print!
> > But when I use RSA_private_encrypt to sign a digest it uses the 'old'
> > rsa->d value, the one generated with RSA_generate_key !!!
> > 
> > Someone can tell me why? How does RSA_private_encrypt work?Why it
> > doesn't simply do to = from^rsa->d mod rsa->n ?
> > 
> 
> It doesn't do that because it uses the Chinese remainder theorem 
> version of the RSA algorithm which is faster. 
> 
> The reason you are seeing that behaviour is that the CRT version 
> doesn't use 'd' if all the other CRT components are present. Try
> BN_free()ing and NULLing one or more of the components like rsa->p
> or rsa->q first.
> 
> Steve.
> -- 
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED] 
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to