On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
> Just to be clear, below is not the actual code, but what I would *like*
> to be able to do (or something close).
What you are asking to do is not possible, not because of API limitations,
but as a matter of principle (mathematical property of RSA).
> I have a situation where I have a message that has been encrypted via
> RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1,
> dmq1, and iqmp components (I know it might sound odd that I don't have
> the e and d components but that is the case).
The RSA algorithm computes a ciphertext M' from a plaintext M via
M' = (M)^e mod n (i.e. mod pq).
decryption is possible when p, q (and implicitly e) are known because
M = (M')^d mod n
provided:
- M < n (e.g. the message is shorter than the key bit length),
thus computing the result mod n loses no information.
- d*e = 1 mod phi(n) = (p-1)(q-1)
http://en.wikipedia.org/wiki/Euler%27s_totient_function
when e, p and q are known, d can be computed via Euclid's algorithm for
finding the multiplicative inverse of a mod b, when a is co-prime to b.
When e is unknown, any M'' obtained from M via some exponent e' is
as a good a plaintext as M since, if e'*d' = 1 mod phi(n), we have:
M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e)
therefore if the public exponent were (d'*e) instead of e, the same
message M' decrypts to M' instead of M. There is no well-defined inverse
to RSA without "e", since e is fundamental parameter of the operation
you want to invert.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
