On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
> Just to be clear, below is not the actual code, but what I would *like* > to be able to do (or something close). What you are asking to do is not possible, not because of API limitations, but as a matter of principle (mathematical property of RSA). > I have a situation where I have a message that has been encrypted via > RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1, > dmq1, and iqmp components (I know it might sound odd that I don't have > the e and d components but that is the case). The RSA algorithm computes a ciphertext M' from a plaintext M via M' = (M)^e mod n (i.e. mod pq). decryption is possible when p, q (and implicitly e) are known because M = (M')^d mod n provided: - M < n (e.g. the message is shorter than the key bit length), thus computing the result mod n loses no information. - d*e = 1 mod phi(n) = (p-1)(q-1) http://en.wikipedia.org/wiki/Euler%27s_totient_function when e, p and q are known, d can be computed via Euclid's algorithm for finding the multiplicative inverse of a mod b, when a is co-prime to b. When e is unknown, any M'' obtained from M via some exponent e' is as a good a plaintext as M since, if e'*d' = 1 mod phi(n), we have: M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e) therefore if the public exponent were (d'*e) instead of e, the same message M' decrypts to M' instead of M. There is no well-defined inverse to RSA without "e", since e is fundamental parameter of the operation you want to invert. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org