Hi Victor,
Your analysis is not true because the original poster says he has dmp1,
dmq1 and iqmp, not only p and q. With these 5 parameters, it is possible
to recover the plain text from the ciphered text thanks to the Chinese
Reminder Transformation (CRT). Moreover, it is possible to recover the
pubic exponent e and the private exponent d from these 5 parameters
using a mathematical transformation. I have implemented such a
transformation in an open source tool that I put on SourceForge : you
can get it along with the mathematics behind it from the following link
: http://rsaconverter.sourceforge.net/ .
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 2/24/2011 5:48 AM, Victor Duchovni wrote:
On Wed, Feb 23, 2011 at 09:03:13PM -0600, Shaheed Bacchus (sbacchus) wrote:
Just to be clear, below is not the actual code, but what I would *like*
to be able to do (or something close).
What you are asking to do is not possible, not because of API limitations,
but as a matter of principle (mathematical property of RSA).
I have a situation where I have a message that has been encrypted via
RSA_public_encrypt. On the receiving end I have the n, p, q, dmp1,
dmq1, and iqmp components (I know it might sound odd that I don't have
the e and d components but that is the case).
The RSA algorithm computes a ciphertext M' from a plaintext M via
M' = (M)^e mod n (i.e. mod pq).
decryption is possible when p, q (and implicitly e) are known because
M = (M')^d mod n
provided:
- M< n (e.g. the message is shorter than the key bit length),
thus computing the result mod n loses no information.
- d*e = 1 mod phi(n) = (p-1)(q-1)
http://en.wikipedia.org/wiki/Euler%27s_totient_function
when e, p and q are known, d can be computed via Euclid's algorithm for
finding the multiplicative inverse of a mod b, when a is co-prime to b.
When e is unknown, any M'' obtained from M via some exponent e' is
as a good a plaintext as M since, if e'*d' = 1 mod phi(n), we have:
M' = (M^e) = ((M^e')^d')^e = (M'')^(d'*e)
therefore if the public exponent were (d'*e) instead of e, the same
message M' decrypts to M' instead of M. There is no well-defined inverse
to RSA without "e", since e is fundamental parameter of the operation
you want to invert.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org