Thanks very much for the suggestion.
It is not enough to free and null rsa->p, rsa->q, rsa->dmp1 and rsa->dmq1.
You also have to set them with new values, such as:
   
    ctx = BN_CTX_new();
    BN_clear(rsa->d);
    rsa->d = BN_copy((BIGNUM*)rsa->d, (const BIGNUM*)new_privkey);
    err = BN_mod(rsa->dmp1, rsa->d, rsa->p, ctx);
 
And then it will work!
The problem now is that if I sign a message digest (using RSA_sign()) after
these operations, then RSA_verify fails, because the padding check fails!

Even if I replace the rsa->d with the same one generated by RSA_generate_key
and stored in new_privkey with BN_copy, the RSA_verify fails!

I think that there is something wrong with the RSA structure, but I have no idea
of what I can do to make it work!
 
Does anybody have any idea ?
Thanks again,
Paolo.
----- Original Message -----
From: SCH
Sent: Sunday, September 17, 2000 5:50 PM
Subject: Re: RSA_private_encrypt

To change an RSA private key, you should manually change the rsa->d,
and clear (free and set to NULL) the rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
and rsa->iqmp, because they are also generated in RSA_generate_key(),
and if they are generated, the computation will use them, not use the 'd' directly.
It is a faster computation.
To gain a private key you want, the nicer practice is to set the e as you want.

----- Original Message -----
From: Dr S N Henson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 16, 2000 4:15 AM
Subject: Re: RSA_private_encrypt


> "montinip@libero." wrote:
> >
> > Hi everybody,
> > I have a problem: I am developing a project in which I need to use
> > 'special' RSA private keys.
> > I use RSA_generate_key() to generate the key pair and then I use BN_copy
> > to modify manually the value of rsa->d.
> > If I check with RSA_check_key the test fails as it was supposed to do
> > and also I am sure that the value has been changed when I use RSA_print!
> > But when I use RSA_private_encrypt to sign a digest it uses the 'old'
> > rsa->d value, the one generated with RSA_generate_key !!!
> >
> > Can someone tell me why? How does RSA_private_encrypt work? Why doesn't it
> > simply do to = from^rsa->d mod rsa->n ?
> >
>
> It doesn't do that because it uses the Chinese remainder theorem
> version of the RSA algorithm which is faster.
>
> The reason you are seeing that behaviour is that the CRT version
> doesn't use 'd' if all the other CRT components are present. Try
> BN_free()ing and NULLing one or more of the components like rsa->p
> or rsa->q first.
>
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
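
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a toy RSA key in plain C showing that the CRT path never reads `d`, and that the CRT exponents are `d mod (p-1)` and `d mod (q-1)`. The key values are small constructed numbers, and `toy_rsa`, `priv_plain`, `priv_crt` and `refresh_crt` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA key, constructed values; field names mirror the RSA struct in the thread. */
typedef struct { uint64_t n, d, p, q, dmp1, dmq1, iqmp; } toy_rsa;

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Direct form: to = from^d mod n. */
uint64_t priv_plain(const toy_rsa *k, uint64_t m) { return modpow(m, k->d, k->n); }

/* CRT form (Garner recombination): reads p, q, dmp1, dmq1, iqmp and never k->d. */
uint64_t priv_crt(const toy_rsa *k, uint64_t m) {
    uint64_t m1 = modpow(m, k->dmp1, k->p);
    uint64_t m2 = modpow(m, k->dmq1, k->q);
    uint64_t h = k->iqmp * ((m1 + k->p - m2 % k->p) % k->p) % k->p;
    return m2 + h * k->q;
}

/* After d changes, the CRT exponents are d mod (p-1) and d mod (q-1). */
void refresh_crt(toy_rsa *k) {
    k->dmp1 = k->d % (k->p - 1);
    k->dmq1 = k->d % (k->q - 1);
}

toy_rsa toy_key(void) {
    /* n = 61*53, d = 2753 pairs with e = 17, iqmp = 53^-1 mod 61 = 38 */
    toy_rsa k = { 3233, 2753, 61, 53, 0, 0, 38 };
    refresh_crt(&k);
    return k;
}

static void show(const char *tag, const toy_rsa *k, uint64_t m) {
    printf("%-24s crt=%llu plain=%llu\n", tag,
           (unsigned long long)priv_crt(k, m), (unsigned long long)priv_plain(k, m));
}

int main(void) {
    toy_rsa k = toy_key();
    uint64_t m = 65;                       /* constructed message value */
    show("original key", &k, m);           /* both forms agree */
    k.d = 1783; show("d changed, CRT stale", &k, m);   /* CRT still uses the old key */
    refresh_crt(&k); show("CRT recomputed", &k, m);    /* both forms agree again */
    k.dmp1 = k.d % k.p; show("dmp1 = d mod p", &k, m); /* mod p, not p-1: mismatch */
    return 0;
}
```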