Steve, is there another way to import a crippled private key in OpenSSL? 
i.e. another way, different from using a PKCS#1 encoding?
I did a small test and I NULL'ed out the p, q, dmq, dmp, and iqmp fields 
of an RSA data structure and then I tried to export it 
(i2d_RSAPrivateKey) and I got a crippled PKCS#1 encoding that did not 
contain any primes or CRT components (which I kind of expected).  The 
weird thing is that I tried to reimport that PKCS#1 encoding 
(d2i_RSAPrivateKey) and I got an ASN1_item_ex_d2i error ("field missing"). 
 I find it a little peculiar not to be able to import a key in OpenSSL that 
was also exported by OpenSSL.
Thanks.

Serban Maerean
Unix System Service (Cluster Security)
T/L: 293-9770, Tel.: 835-433-9770
E-mail: [EMAIL PROTECTED]

"Stephen Henson via RT" <[EMAIL PROTECTED]>
Sent by: <[EMAIL PROTECTED]>
12/09/2003 04:33 PM
Please respond to rt

 
        To:     Serban Maerean/Austin/[EMAIL PROTECTED]
        cc:     [EMAIL PROTECTED]
        Subject:        [openssl.org #789] OpenSSL's crypto support for crippled keys

[[EMAIL PROTECTED] - Tue Dec  9 20:56:58 2003]:

> Steve, thanks for your answer.
> Unfortunately, the crippled PKCS#1 key encoding that I produced
> contained the primes and CRT components of 1 byte in length and a
> value of 0 in order to circumvent an error condition in OpenSSL's
> key conversion/importing routines (the d2i_RSAPrivateKey, I believe).
> Therefore, the imported RSA private key (using the same
> d2i_RSAPrivateKey) has non-NULL pointers for the primes and CRT
> components that point to something that is zero (therefore the
> "divide by zero" error).  I don't know how to get around the encoding
> error other than using some data for the primes and CRT components.

You can't because the structure OpenSSL uses is a PKCS#1 RSAPrivateKey
structure and the CRT components are mandatory. Setting them to zero
means it isn't a valid RSAPrivateKey structure any more.

> My application doesn't have access to the RSA structure (in my case,
> the OpenSSL data structures are encapsulated and hidden from
> applications for various reasons).  I am not aware of how I can
> recover the primes used to generate the private exponent.  Do you
> know of such a method?
> Thanks.
> 

Yes, it is possible to recover one of the primes given just (n, e, d);
after that, calculating the remaining CRT components is trivial.

See for example:

http://discuss.microsoft.com/SCRIPTS/WA-MSD.EXE?A2=ind0302c&L=cryptoapi&T=0&F=&S=&P=433

Steve.
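The recovery Steve refers to, worked through as an added example (this is not code from the thread or from OpenSSL): plain-Python integer arithmetic that takes (n, e, d), factors n, and then derives the fields a PKCS#1 RSAPrivateKey structure requires (prime1, prime2, exponent1, exponent2, coefficient). The toy key built from the primes 10007 and 10039 is constructed here purely for illustration and is far too small for real use; the names dmp1/dmq1/iqmp follow OpenSSL's RSA structure, and the fixed base sequence 2, 3, 4, ... stands in for the random bases an implementation would normally draw.

```python
from math import gcd

# Constructed toy key for illustration only; real keys use 1024-bit+ primes.
P_SAMPLE, Q_SAMPLE = 10007, 10039
E_SAMPLE = 65537
N_SAMPLE = P_SAMPLE * Q_SAMPLE
D_SAMPLE = pow(E_SAMPLE, -1, (P_SAMPLE - 1) * (Q_SAMPLE - 1))  # Python >= 3.8


def recover_factors(n, e, d, max_base=1000):
    """Recover (p, q) from (n, e, d).

    e*d - 1 is a multiple of lambda(n), so g**(e*d - 1) == 1 (mod n) for
    any g coprime to n.  Write e*d - 1 = 2**s * t with t odd and square
    g**t repeatedly: the first x with x**2 == 1 but x != +/-1 is a
    non-trivial square root of 1, and gcd(x - 1, n) is one of the primes.
    A random base succeeds with probability >= 1/2; small fixed bases
    are used here so the example is deterministic.
    """
    k = e * d - 1
    s, t = 0, k
    while t % 2 == 0:
        t //= 2
        s += 1
    for g in range(2, max_base):
        if gcd(g, n) != 1:           # the base itself shares a factor with n
            p = gcd(g, n)
            return min(p, n // p), max(p, n // p)
        x = pow(g, t, n)
        if x in (1, n - 1):
            continue                 # this base reveals nothing, try the next
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:
                p = gcd(x - 1, n)    # x is a non-trivial sqrt of 1 mod n
                return min(p, n // p), max(p, n // p)
            if y == n - 1:
                break                # landed on -1 first: try the next base
            x = y
    raise ValueError("no factor found; is (n, e, d) a consistent RSA key?")


def crt_params(d, p, q):
    """The CRT fields PKCS#1 makes mandatory, once p and q are known."""
    return {
        "dmp1": d % (p - 1),         # exponent1
        "dmq1": d % (q - 1),         # exponent2
        "iqmp": pow(q, -1, p),       # coefficient = q^-1 mod p
    }


def crt_private_op(c, p, q, dmp1, dmq1, iqmp):
    """c**d mod n via Garner recombination, as a CRT implementation does it.

    This is the path that divides by the CRT components, which is why a
    key carrying zero-valued primes ends in a divide-by-zero error.
    """
    m1 = pow(c, dmp1, p)
    m2 = pow(c, dmq1, q)
    h = (iqmp * (m1 - m2)) % p
    return m2 + h * q


def demo(n=N_SAMPLE, e=E_SAMPLE, d=D_SAMPLE, msg=42):
    """Recover the factors, rebuild the CRT fields, and verify them."""
    p, q = recover_factors(n, e, d)
    crt = crt_params(d, p, q)
    c = pow(msg, e, n)
    return p, q, crt_private_op(c, p, q, **crt) == msg


if __name__ == "__main__":
    print(demo())
```

With p, q, dmp1, dmq1 and iqmp in hand the key can be written out as a complete RSAPrivateKey (version, modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, coefficient), which is what d2i_RSAPrivateKey checks for; the "field missing" error in the first message is exactly the ASN.1 decoder rejecting an encoding that lacks those mandatory fields.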

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]