-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Reddie, Steven
Sent: Sunday, February 25, 2001 4:26 PM
To: [EMAIL PROTECTED]
Subject: RE: Maximum size of RSA message, was: Re: RSA Encrypt/Decrypt fails

The message being encrypted/decrypted MUST be smaller than the modulus of the key. Think about the operation that takes place during encryption:

    c = m^e mod n

where:
    m is the message to be encrypted,
    (n,e) is the public key (modulus and exponent)
    c is the ciphertext (encrypted output)

The "mod n" results in the output value, c, being limited to a value in the range 0 to n-1 inclusive. If m is bigger than n then too much data will be thrown away by the modulo operation and it will not be possible to recover the original message.

It is not just a matter of clearing the top bit of the message. The message must be a smaller value than the modulus.

Steven

--
Steven Reddie <[EMAIL PROTECTED]>
Senior Software Engineer
Computer Associates Pty Ltd (Australia)

> -----Original Message-----
> From: Guus Sliepen [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 3:55 AM
> To: [EMAIL PROTECTED]
> Subject: Maximum size of RSA message, was: Re: RSA Encrypt/Decrypt fails
>
> On Wed, Feb 14, 2001 at 02:44:02PM -0800, Joseph Ashwood wrote:
>
> > Just a guess, but a fairly educated one, try setting flen to 1 byte (or even
> > 1 bit) smaller than the key. What I suspect is happening is you are
> > sometimes trying to encrypt values that are larger than the modulus so
> > you're getting a modular reduction of the value encrypted.
> > Joe
>
> I'm having a similar problem. For authentication and key exchange purposes, I generate a random string which is exactly as long as my RSA key is. Then I encrypt it without padding (since the message is totally random noise and just used once). However, the message is not decrypted properly on the other end when the first bit of the plaintext was set. Why is this?
>
> Nowhere in documentation or literature can I find that the first bit should not be set. Is this a bug in OpenSSL? Or is this a known fact?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                          [EMAIL PROTECTED]
Automated List Manager                             [EMAIL PROTECTED]
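
Added example, not part of the original thread and not OpenSSL code: textbook RSA without padding on a constructed 32-bit toy key, showing that a key-sized message round-trips only when its integer value is below the modulus and otherwise comes back as m mod n. The primes, exponent and function names are assumptions chosen for illustration.

```python
# Textbook (unpadded) RSA on a constructed toy key. Illustrative only:
# the key is far too small for real use and none of this is OpenSSL's API.

P, Q = 65521, 65537                  # constructed small primes
N = P * Q                            # modulus n = 0xFFF1FFF1, exactly 4 bytes
E = 17                               # public exponent e, coprime to (P-1)*(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent d (needs Python 3.8+)
KEY_BYTES = (N.bit_length() + 7) // 8


def fits_modulus(msg: bytes) -> bool:
    """True when msg, read as a big-endian integer m, satisfies m < n."""
    return int.from_bytes(msg, "big") < N


def encrypt_raw(msg: bytes) -> int:
    """c = m^e mod n, with no padding and no range check."""
    return pow(int.from_bytes(msg, "big"), E, N)


def decrypt_raw(c: int) -> bytes:
    """m' = c^d mod n, returned as a key-sized big-endian string."""
    return pow(c, D, N).to_bytes(KEY_BYTES, "big")


def roundtrip(msg: bytes) -> bytes:
    """Encrypt then decrypt; equals msg only when m < n."""
    return decrypt_raw(encrypt_raw(msg))


if __name__ == "__main__":
    # Constructed key-sized messages around the modulus boundary.
    samples = [
        bytes.fromhex("7fffffff"),   # top bit clear, m < n
        bytes.fromhex("80000000"),   # top bit set, still m < n
        bytes.fromhex("fff1fff0"),   # m = n - 1
        bytes.fromhex("fff1fff1"),   # m = n
        bytes.fromhex("ffffffff"),   # m > n
    ]
    for msg in samples:
        out = roundtrip(msg)
        print(msg.hex(), "m<n " if fits_modulus(msg) else "m>=n",
              "->", out.hex(), "ok" if out == msg else "lost (m mod n)")
```

A sender that must use raw RSA can call a check like fits_modulus() before encrypting and draw a fresh random value when it fails.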