Thanks for your detailed Explanation Dave. I am going to encrypt using AES
in server side using EVP ,
EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key,iv))
EVP_EncryptUpdate(&x, outbuf, &outlen, (const unsigned char*) intext,
strlen(intext)))
EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen))
client will be using JAVE to decrypt the same. should i use the above same
funtion to encrypt the or i must use
AES_cbc_encrypt();
to encrypt the same.
Thanks for your time,
Krishnamurthy
On Fri, Aug 26, 2011 at 5:20 AM, Dave Thompson <dthomp...@prinpay.com>wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
> santhanam
> > Sent: Wednesday, 24 August, 2011 02:32
>
> > Basically when we encrypt something using an RSA key (whether
> public
>
> > or private), the encrypted value must be smaller than the key (due to
> > the maths used to do the actual encryption). So if you have a 1024-bit
> key,
> > in theory we could encrypt any 1023-bit value (or a 1024-bit value
> smaller
>
> > than the key) with that key.
>
> More precisely, smaller than the modulus 'N' but
> large enough not to be subject to a trivial break.
> An RSA public key is the pair (e,n) where e is usually small,
> and the private key is in principle the pair (d,n) where d is
> usually a substantial fraction of n. RSA private keys may
> and in OpenSSL do also include additional 'Chinese Remainder
> Theorem' aka CRT information to make computation faster.
>
> Plus, most actual RSA encryption schemes add padding.
> In particular simply RSA-encrypting raw user data allows
> an adversary to determine if a guessed plaintext is correct,
> which in general is considered an unacceptable weakness.
> Thus the value size you can encrypt is somewhat less than
> the RSA modulus size because of this padding; the commonly
> used PKCS#1 v1.5 'classic' and v2 OAEP are 11 and 41 bytes.
> If used certain ways v1.5 has weakness (see Bleichenbacher's
> attack on early SSL) which is why OAEP was created.
>
> > below is the code snippet i am trying to do AES Encryption.
> > it works fine. if i see some example in openssl they are using KEY value
> > EVP_MAX_KEY_LENGTH(32 bytes). can i use RSA public key(1024 bit) to
> encrypt
> > the same value and use private to decrypt the value.
>
> It's not entirely 'fine', see below.
>
> EVP_MAX_KEY_LENGTH is the maximum length for *any* (supported)
> *symmetric* algorithm. It is useful if you want to write generic
> code that works for various algorithms selectable at runtime,
> as many common systems like SSL/TLS SMIME/CMS/PKCS7 PGP do.
> If you are using only a specific cipher you can use the key length
> for that cipher which might be smaller.
>
> However, the key lengths for *asymmetric* algorithms, including RSA,
> are all separate. You need to use the correct one for each.
>
> > unsigned char key[] =
> {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
> > unsigned char iv[] = {1,2,3,4,5,6,7,8};
> > char intext[] = "string to make the random number generator
> think it has entropy";
> > // Straight encrypt
> > EVP_CIPHER_CTX x;
> > EVP_CIPHER_CTX_init(&x);
> > if(!EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key,
> iv))
> > printf("\n ERROR!! \n");
>
> The key for AES-256 is 32 bytes, and IV for AES-anything 16 bytes.
> You are using partly unknown possibly garbage values, which means
> you may be unable to decrypt the result in any other program.
> (Of course in any real use the IV should be random or at least unique
> and unpredictable, and the key should be random or at least secret.)
>
> > if(!EVP_EncryptUpdate(&x, outbuf, &outlen,
> > (const unsigned char*) intext, strlen(intext)))
> > printf("\n ERROR!! \n");
> > if(!EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen))
> > printf("\n ERROR!! \n");
> > outlen+=tmplen;
>
> In general when any OpenSSL call returns an error, you should look
> at the error stack: http://www.openssl.org/support/faq.html#PROG6
> For these particular calls (symm encrypt without engine) it's not vital,
> but if and when you start doing other things it becomes valuable.
>
> > }
> > EVP_CIPHER_CTX_cleanup(&x);
>
> This should be within the routine (before the closing brace).
>
> Now to your actual question:
>
> Yes in abstract you can encrypt and decrypt data directly with RSA.
> In practice people usually don't, because of the limitations.
> Most widespread systems like SSL/TLS and SMIME and PGP are 'hybrid',
> where for encryption the data is encrypted with a symmetric algorithm
> and a random 'working' or 'session' key, and public-key algorithms
> like RSA DH or ECDH are used to transfer or share that working key;
> in the simplest case, the working key is just RSA-encrypted.
> Similarly for signing people don't actually RSA-sign their data;
> instead a hash like SHA1 is computed from the data, and that hash
> (plus limited overhead like an OID) is signed by RSA or [EC]DSA.
> These hybrids are what EVP_{Seal,Open}* and EVP_{Sign,Verify}* do.
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
