Thanks for your detailed Explanation Dave. I am going to encrypt using AES in server side using EVP , EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key,iv)) EVP_EncryptUpdate(&x, outbuf, &outlen, (const unsigned char*) intext, strlen(intext))) EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen))
client will be using JAVE to decrypt the same. should i use the above same funtion to encrypt the or i must use AES_cbc_encrypt(); to encrypt the same. Thanks for your time, Krishnamurthy On Fri, Aug 26, 2011 at 5:20 AM, Dave Thompson <dthomp...@prinpay.com>wrote: > > From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy > santhanam > > Sent: Wednesday, 24 August, 2011 02:32 > > > Basically when we encrypt something using an RSA key (whether > public > > > or private), the encrypted value must be smaller than the key (due to > > the maths used to do the actual encryption). So if you have a 1024-bit > key, > > in theory we could encrypt any 1023-bit value (or a 1024-bit value > smaller > > > than the key) with that key. > > More precisely, smaller than the modulus 'N' but > large enough not to be subject to a trivial break. > An RSA public key is the pair (e,n) where e is usually small, > and the private key is in principle the pair (d,n) where d is > usually a substantial fraction of n. RSA private keys may > and in OpenSSL do also include additional 'Chinese Remainder > Theorem' aka CRT information to make computation faster. > > Plus, most actual RSA encryption schemes add padding. > In particular simply RSA-encrypting raw user data allows > an adversary to determine if a guessed plaintext is correct, > which in general is considered an unacceptable weakness. > Thus the value size you can encrypt is somewhat less than > the RSA modulus size because of this padding; the commonly > used PKCS#1 v1.5 'classic' and v2 OAEP are 11 and 41 bytes. > If used certain ways v1.5 has weakness (see Bleichenbacher's > attack on early SSL) which is why OAEP was created. > > > below is the code snippet i am trying to do AES Encryption. > > it works fine. if i see some example in openssl they are using KEY value > > EVP_MAX_KEY_LENGTH(32 bytes). can i use RSA public key(1024 bit) to > encrypt > > the same value and use private to decrypt the value. > > It's not entirely 'fine', see below. > > EVP_MAX_KEY_LENGTH is the maximum length for *any* (supported) > *symmetric* algorithm. It is useful if you want to write generic > code that works for various algorithms selectable at runtime, > as many common systems like SSL/TLS SMIME/CMS/PKCS7 PGP do. > If you are using only a specific cipher you can use the key length > for that cipher which might be smaller. > > However, the key lengths for *asymmetric* algorithms, including RSA, > are all separate. You need to use the correct one for each. > > > unsigned char key[] = > {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; > > unsigned char iv[] = {1,2,3,4,5,6,7,8}; > > char intext[] = "string to make the random number generator > think it has entropy"; > > // Straight encrypt > > EVP_CIPHER_CTX x; > > EVP_CIPHER_CTX_init(&x); > > if(!EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key, > iv)) > > printf("\n ERROR!! \n"); > > The key for AES-256 is 32 bytes, and IV for AES-anything 16 bytes. > You are using partly unknown possibly garbage values, which means > you may be unable to decrypt the result in any other program. > (Of course in any real use the IV should be random or at least unique > and unpredictable, and the key should be random or at least secret.) > > > if(!EVP_EncryptUpdate(&x, outbuf, &outlen, > > (const unsigned char*) intext, strlen(intext))) > > printf("\n ERROR!! \n"); > > if(!EVP_EncryptFinal_ex(&x,outbuf+outlen,&tmplen)) > > printf("\n ERROR!! \n"); > > outlen+=tmplen; > > In general when any OpenSSL call returns an error, you should look > at the error stack: http://www.openssl.org/support/faq.html#PROG6 > For these particular calls (symm encrypt without engine) it's not vital, > but if and when you start doing other things it becomes valuable. > > > } > > EVP_CIPHER_CTX_cleanup(&x); > > This should be within the routine (before the closing brace). > > Now to your actual question: > > Yes in abstract you can encrypt and decrypt data directly with RSA. > In practice people usually don't, because of the limitations. > Most widespread systems like SSL/TLS and SMIME and PGP are 'hybrid', > where for encryption the data is encrypted with a symmetric algorithm > and a random 'working' or 'session' key, and public-key algorithms > like RSA DH or ECDH are used to transfer or share that working key; > in the simplest case, the working key is just RSA-encrypted. > Similarly for signing people don't actually RSA-sign their data; > instead a hash like SHA1 is computed from the data, and that hash > (plus limited overhead like an OID) is signed by RSA or [EC]DSA. > These hybrids are what EVP_{Seal,Open}* and EVP_{Sign,Verify}* do. > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >