>       From: owner-openssl-us...@openssl.org On Behalf Of Pareto, Charles
>       Sent: Friday, 21 May, 2010 17:14

>       I'm trying to get the same result with the C# RSACryptoServiceProvider class
> that 'openssl.exe rsautl' gives me.
>
>       The C# class wants more properties set before you can encrypt a message.

I can't help with C#, but this borders on an abstract crypto issue.

>       How can I obtain the parameters that 'openssl.exe rsautl' implements?
> For example the exponent, q parameters, p parameters, dp, dq parameters, etc.
> These are optional arguments for the C# class.
>       Ex. Exponent = {1,0,1}

d,p,q,dP,dQ,qInv are the components of an RSA private key that are not 
in the public key. And except for the first, only in the CRT (Chinese 
Remainder Theorem) form, which is used widely including by openssl.
If that 'exponent' is notated in bytes, it would be 65537 aka 'F4', 
a commonly used value for the public exponent e. The private exponent 
d must be much larger, and for usual e will appear random.

>       > openssl.exe rsautl -encrypt -inkey dir\\public.pem -pubin -in filename -out encryptedfilename

Aside: unless you're using a Unixoid shell glomped onto Windows, 
like mingw, you usually don't need to specify .exe to find an 
executable and don't need to double backslashes in pathnames.

RSA encrypt, or verify, uses and should need only the public key, 
which substantively consists only of e and n (where n = p * q).
The private key fields are needed, and generally should be used, 
only for decrypt, or sign. That's the way public-key crypto works, 
and provides certain (we hope useful!) security features.
You can see public.pem does not contain and this command can't use 
private bits with openssl rsa -in public.pem -pubin -noout -text
(Note however that rsautl -decrypt does need the private key.)

If some part of C# really demands a private key to RSA *encrypt*, 
it is hopelessly broken and could never provide useful security.
Although M$ certainly makes mistakes from time to time, I would 
be very surprised if they made such a basic and obvious one, so 
I suspect your understanding is actually wrong. Perhaps you aren't 
(correctly) doing something needed to tell it to be in encrypt mode, 
or (more abstractly) to use a public rather than private RSA key.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
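
The split between public and private key fields described in the reply above, as an added example that is not part of the original message and not OpenSSL or .NET code. It uses textbook RSA without padding on a constructed toy key; the function names and the two sample primes are assumptions made for illustration.

```python
# Added illustration: textbook RSA (no padding) on a constructed toy key.
# The primes are small, publicly known Mersenne primes; never use them for real keys.
from math import gcd

E_BYTES = bytes([1, 0, 1])   # the "Exponent = {1,0,1}" from the question
P = 2**89 - 1                # constructed sample prime
Q = 2**61 - 1                # constructed sample prime


def make_key(p, q, e):
    """Return (public, private) dicts using the field names from the thread."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                  # private exponent
    public = {"n": p * q, "e": e}        # everything encrypt/verify needs
    private = dict(public, d=d, p=p, q=q,
                   dP=d % (p - 1),       # CRT exponent for p
                   dQ=d % (q - 1),       # CRT exponent for q
                   qInv=pow(q, -1, p))   # CRT coefficient
    return public, private


def encrypt(public, m):
    """Encrypt using only n and e."""
    if not 0 <= m < public["n"]:
        raise ValueError("message representative out of range")
    return pow(m, public["e"], public["n"])


def decrypt_plain(private, c):
    """Decrypt with the private exponent d alone."""
    return pow(c, private["d"], private["n"])


def decrypt_crt(private, c):
    """Decrypt with p, q, dP, dQ, qInv (the CRT form)."""
    m1 = pow(c, private["dP"], private["p"])
    m2 = pow(c, private["dQ"], private["q"])
    h = (private["qInv"] * (m1 - m2)) % private["p"]
    return m2 + h * private["q"]


if __name__ == "__main__":
    pub, priv = make_key(P, Q, int.from_bytes(E_BYTES, "big"))
    c = encrypt(pub, int.from_bytes(b"hello", "big"))
    print(pub["e"], decrypt_plain(priv, c) == decrypt_crt(priv, c))
```
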
