"Kenneth R. Robinette" wrote:
> 
> 
> I was hoping that this was the case.  Now if I set the
> RSA_FLAG_EXT_PKEY flag, how do I specify the function that will
> be called by OpenSSL to do the private encrypt?  Is this available to
> a client program?  I tried following the logic but quite frankly got lost
> at the rsa_eay_private_encrypt function.  Is there any
> documentation on what the "private" function is passed and how the
> results should be returned?
> 

There's some documentation in the relevant rsa manual pages.

What you do effectively is to create an RSA_METHOD structure, copy any
relevant default methods and then replace whichever ones you want. Then
create an RSA structure and set its method to the custom method just
created and of course set RSA_FLAG_EXT_PKEY.

Well that's what you do in non ENGINE builds. In the ENGINE stuff the
method would be in an ENGINE structure and you'd set the RSA structure's
ENGINE... or something like that.

rsa_mod_exp() is a low level function that does the actual mathematical
private key operation:

int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa);

it expects an RSA private key operation to be performed on I and the
result placed in r0.

the ex_data part of the 'rsa' structure can be used to include
additional information such as key handles etc.

rsa_mod_exp() is most suitable where the hardware (or whatever) only
handles the raw private key operation. This would be the case in some
crypto accelerators or smart cards that don't do their own padding. In
the smart card case the BIGNUM structures might be converted to and from
buffers before passing to the card API.

It is also possible to override at a higher level using rsa_priv_enc,
rsa_priv_dec functions. This is more suited when the hardware (etc)
implements its own version of the RSA algorithm complete with padding
and pad checking etc, for example PKCS#11 or CryptoAPI.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
