Steve, thanks for your answer.
Unfortunately, the crippled PKCS#1 key encoding that I produced contained 
the primes and CRT components of 1 byte in length and a value of 0 in 
order to circumvent an error condition in the OpenSSL's key 
conversion/importing routines (the d2i_RSAPrivateKey, I believe). 
Therefore, the imported RSA private key (using the same d2i_RSAPrivateKey) 
has non-NULL pointers for the primes and CRT components that point to 
something that is zero (therefore the "divide by zero" error).  I don't 
know how to get around the encoding error other than using some data for 
the primes and CRT components.
My application doesn't have access to the RSA structure (in my case, the 
OpenSSL data structures are encapsulated and hidden from applications for 
various reasons).  I am not aware of how I can recover the primes used to 
generate the private exponent.  Do you know of such a method?
Thanks.

Serban Maerean
Unix System Service (Cluster Security)
T/L: 293-9770, Tel.: 835-433-9770
E-mail: [EMAIL PROTECTED]




"Stephen Henson via RT" <[EMAIL PROTECTED]>
Sent by: <[EMAIL PROTECTED]>
12/09/2003 09:18 AM
Please respond to rt

 
        To:     Serban Maerean/Austin/[EMAIL PROTECTED]
        cc:     [EMAIL PROTECTED]
        Subject:        [openssl.org #789] OpenSSL's crypto support for crippled keys




[EMAIL PROTECTED] - Tue Dec  9 14:51:37 2003]:

> Hello:
> Actually, this is more of a question than a request for enhancement.
> Does
> OpenSSL's crypto support crippled PKCS#1 encoded private keys?
> Crippled PKCS#1 encoded keys are keys that don't have all the PKCS#1
> components.  I have keys that contain only the modulus, and the public
> and
> the private exponents.  They do not contain the primes and the CRT
> exponents and coefficient.  When I try to use these keys I get a
> "divide
> by zero" error from OpenSSL, raising the suspicion that OpenSSL does
> not
> support crippled private keys.  Can you please confirm this?

There is code which tests this case and bypasses the CRT code if some or
all of the CRT components aren't present in the RSA structure. 

By not present that means they are set to NULL in the structure: you
won't be able to do that with a standard PEM RSAPrivateKey structure,
you'd need to fill in the RSA structure "manually".

If the relevant fields are just zero in the PKCS#1 RSAPrivateKey
encoding then that's a violation of the standard and it may well cause
an exception.

You can always calculate the CRT components using various techniques.
That's generally a good idea since you get much better performance that 
way.

Steve.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
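
The thread asks how to recover the primes from a key that holds only the modulus and both exponents, and the reply notes the CRT components can be calculated. The following is an added example, not code from either poster or from OpenSSL: it uses the standard probabilistic factoring of n from (n, e, d) and then derives the PKCS#1 RSAPrivateKey fields. The function names and the sample key are assumptions made for illustration; Python 3.8+ is assumed for the modular inverse via `pow`.

```python
import math
import random

def recover_primes(n, e, d, tries=100):
    """Factor n from (n, e, d); returns (p, q) with p > q."""
    k = e * d - 1                      # a multiple of lambda(n), so it is even
    r, t = k, 0
    while r % 2 == 0:                  # write k = 2^t * r with r odd
        r //= 2
        t += 1
    for _ in range(tries):
        g = random.randrange(2, n - 1)
        if math.gcd(g, n) != 1:        # rare: g already shares a factor with n
            p = math.gcd(g, n)
            return max(p, n // p), min(p, n // p)
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue                   # this base reveals nothing, try another
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:                 # y is a square root of 1 other than +-1
                p = math.gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    raise ValueError("no factor found; are n, e, d a consistent RSA key?")

def crt_components(n, e, d):
    """Return the five PKCS#1 fields missing from an (n, e, d)-only key."""
    p, q = recover_primes(n, e, d)
    return {"prime1": p, "prime2": q,
            "exponent1": d % (p - 1), "exponent2": d % (q - 1),
            "coefficient": pow(q, -1, p)}

def crt_private_op(c, key):
    """RSA private operation using only the CRT fields (Garner's formula)."""
    m1 = pow(c, key["exponent1"], key["prime1"])
    m2 = pow(c, key["exponent2"], key["prime2"])
    h = (key["coefficient"] * (m1 - m2)) % key["prime1"]
    return m2 + h * key["prime2"]

# Constructed sample key (two Mersenne primes, far too small for real use).
P, Q, E = 2**89 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
```

The recovered values can then be encoded into a complete RSAPrivateKey, which avoids the zero-valued placeholder fields that triggered the "divide by zero" error.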
