OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Need help about compile openssl 0.9.6 on NT 4.0
Hi:

I am trying to compile OPENSSL 0.9.6 version in MS Windows NT 4.0 with MS VC++ 5.0 installed. I ran the following commands like you explain in the INSTALL.W32 file:

    perl Configure VC-WIN32
    ms\do_ms
    nmake -f ms\ntdll.mak

In these commands I get the following output:

    Building OpenSSL
    copy nul+ .\crypto\cryptlib.h tmp32dll\cryptlib.h
    nul
    .\crypto\cryptlib.h
    1 file(s) copied.
    copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h
    nul
    cl /Fotmp32dll\rand_egd.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_egd.c
    rand_egd.c
    cl /Fotmp32dll\rand_win.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_win.c
    rand_win.c
    .\crypto\rand\rand_win.c(581) : error C2400: inline assembler syntax error in 'opcode'; found 'newline'
    NMAKE : fatal erro U1077: 'cl' : return code '0x2'
    Stop

How can I fix the error? I checked the openssl 0.9.5a source code and the file .\crypto\rand\rand_win.c is new in the openssl 0.9.6 version. I compiled the 0.9.5a version again and all was OK; the problem is with the new 0.9.6 version.

Please help me.

Greetings
Armando Garcia Garcia
Using OpenSSL in combination with nCipher
Hi All,

I just installed openssl-engine-0.9.6 on win NT. I'm trying to find out how to use this in combination with a nCipher-device (nForce). But I don't know how. Does somebody have a few small samples of how to do this?

Ulrichts Erik
HyperTrust
[Crypt::SSLeay] problems running on FreeBSD4.2
Hi

I'm having problems getting Crypt::SSLeay to work on my virtual server under FreeBSD4.2...

When I run a simple test I get the following message:

    /usr/libexec/ld-elf.so.1: /usr/local/lib/site_perl/auto/Crypt/SSLeay/SSLeay.so: Undefined symbol "OpenSSL_add_all_algorithms"

I installed it using cpan and that all seemed to go through fine. Before installing I was getting the "Protocol not supported" message.

It's probably a config error, but thought I would check with you first before getting in touch with my ISP support...

Thanks

TinK | [EMAIL PROTECTED]
Slightly Miffed - Now with One Leg Too Many!
http://www.miffed.com/ or http://www.mp3.com/miffed/
"Either Slightly Miffed are insanely brilliant or very, very warped."
Re: RSA Encrypt/Decrypt fails
Jan Zoellner wrote:

> At 15.02.01 13:04, you wrote:
>> point of using RSA if not ?, so I will insist once again on the fact that you SHOULDN'T do that.
>
> I reimplemented the whole thing to be padded with random data (which are discarded upon decryption). PKCS#1 padding is worse than that, if I interpret the source correctly.

It sounds much better.

>> If your protocol _ever_ sends the same data block to two different recipients, you are dead and buried.
>
> Different recipients don't matter: The data is privately encrypted and can be read by many recipients, all having possession of the same public key. (Symmetric or hybrid cryptography is not applicable.) Data is never sent to different recipients, as there is only one (at least from the viewpoint of used keys).

You are right, I spoke a bit too fast. What's more, the attack I was referring to, as someone made me notice already, requires "e" messages, not 2, so it's more difficult to do if you use a large e, like 65535.

I remembered how I was told of an actual implementation, not using padding, that could be broken this way very easily, but it sounds like it used e=3.
Re: Why is mod_ssl OK with NN 4.5?!
On Thu, Feb 15, 2001 at 05:04:41PM +, Andrew Cooke wrote:

> After spending the day trying to find differences in the code I am starting to wonder whether mod_ssl has a patch applied that is not in OpenSSL. Is that possible? (the mod_ssl I am using comes precompiled from openSA). Can anyone suggest any other possible difference (see details below)?

Did you try to set SSL_OP_ALL as of http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html ?

> - I am using SSLv3_method in my code and SSLProtocol: SSLv3 in Apache/mod_ssl
> - SSL diagnostics from my own server indicate that SSL3_GET_RECORD is seeing the wrong version

Without checking the mod_ssl source, I would rather recommend you to use SSLv23_method and SSL_OP_NO_SSLv2 if you don't want to allow SSLv2. See http://www.openssl.org/docs/ssl/SSL_CTX_new.html

I expect this second point to be your problem.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
Re: [Crypt::SSLeay] problems running on FreeBSD4.2
TinK wrote:

> Hi
>
> I'm having problems getting Crypt::SSLeay to work on my virtual server under FreeBSD4.2...
>
> When I run a simple test I get the following message:
>
> /usr/libexec/ld-elf.so.1: /usr/local/lib/site_perl/auto/Crypt/SSLeay/SSLeay.so: Undefined symbol "OpenSSL_add_all_algorithms"

I hear about this error message when the wrong SSL is installed on a system. Make sure your system has the latest openssl, and Crypt::SSLeay is compiled against those sources.

--Josh
Re: What does the e-value do?
First a bit of background. RSA is this:

    p,q primes
    N=pq
    e=prime that is not a factor of p-1 or q-1 and not equal to p or q
    d = e^-1 mod (p-1)(q-1)
    public key = {e,N}
    private key = {d, N}
    Encryption = X = M^e mod N
    Decryption = M = X^d mod N

The e-value you see in the call is the value e above. The recommendation of using 3 or 65537 is a speed decision, and I would definitely recommend 65537 over 3 for security reasons.

Joe
Re: symmetric key produced by Diffie-Helman alg. not equal in both sides
----- Original Message -----
From: "Bruker, Ohad" [EMAIL PROTECTED]

> All the basic stuff you mentioned is implemented right. It is already *WORKING* on Linux and Windows platforms without any problems. I encounter this problem probably because Solaris does not support random device !!! The manual seeding of the PRNG probably causes this problem (symmetric key in both sides is not equal).
>
> Thanks,
> Ohad.

The PRNG has absolutely nothing to do with the negotiation. The PRNG is only used when creating the keys and their parameters, after that no randomness enters or leaves the system. The DH exchange is simply:

    Pka, Pkb = public keys for A and B
    Ska, Skb = private keys for A and B
    P = a large prime
    G = a generator for P (typically a small prime, 2 or 5 is common)
    Ska, Skb = Random numbers
    Pka = G^Ska mod P
    Pkb = G^Skb mod P

    the shared secret is
    K1 = Pka^Skb mod P
    K2 = Pkb^Ska mod P
    K1=K2

Because the public key can also be any random value, the PRNG is not an issue (as long as it doesn't generate 0). If you're sure that modular exponentiation is working and that the keys are being transferred correctly, then it must work, regardless of the PRNG involved. That's why I was asking those questions. If you can dissect the implementation and make sure that each of these is performing properly, DH key exchange will work correctly.

Joe
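The checklist in the reply above (exponentiation correct, same P and G on both sides, public keys transferred intact) can be run stage by stage. This is an added example, not code from the thread or from OpenSSL; the toy prime, the function names and the byte-swapping "wire" bug are constructed for illustration.

```python
import random

P = 2**61 - 1   # a Mersenne prime; toy size, far too small for real use
G = 5           # small base, as in the post ("2 or 5 is common")
KEY_BYTES = (P.bit_length() + 7) // 8


def modexp(base, exp, mod):
    """Square-and-multiply, spelled out so it can be compared with pow()."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def keypair(rng, p, g):
    """Ska = random number, Pka = G^Ska mod P."""
    sk = rng.randrange(2, p - 1)
    return sk, modexp(g, sk, p)


def send(pub, wire):
    """Encode a public key big-endian, pass it through `wire`, decode it."""
    return int.from_bytes(wire(pub.to_bytes(KEY_BYTES, "big")), "big")


def exchange(rng_a, rng_b, wire=lambda b: b, p_b=P, g_b=G):
    """Return (K1, K2): K1 = Pka^Skb mod P (B's view), K2 = Pkb^Ska mod P (A's)."""
    ska, pka = keypair(rng_a, P, G)
    skb, pkb = keypair(rng_b, p_b, g_b)
    k1 = modexp(send(pka, wire), skb, p_b)
    k2 = modexp(send(pkb, wire), ska, P)
    return k1, k2


def diagnose(wire=lambda b: b, p_b=P, g_b=G, seed=2001):
    """Walk the post's checklist and name the first stage that fails."""
    rng = random.Random(seed)
    for _ in range(50):                      # 1. exponentiation vs. reference
        b, e = rng.randrange(P), rng.randrange(P)
        if modexp(b, e, P) != pow(b, e, P):
            return "modexp"
    if (p_b, g_b) != (P, G):                 # 2. both sides use the same P and G
        return "parameters"
    probe = rng.randrange(2, P - 1)          # 3. a key survives the wire intact
    if send(probe, wire) != probe:
        return "transfer"
    k1, k2 = exchange(rng, random.Random(seed + 1), wire, p_b, g_b)
    return "ok" if k1 == k2 else "mismatch"  # 4. K1 == K2


def byte_swapped(data):
    """Constructed bug: the receiver reads the integer in the opposite byte order."""
    return data[::-1]


if __name__ == "__main__":
    # One side seeded by hand, the other from the OS: the secrets still agree.
    print(exchange(random.Random(42), random.SystemRandom()))
    print(diagnose(), diagnose(wire=byte_swapped), diagnose(p_b=2**31 - 1))
```

How the private numbers were generated never shows up as a failing stage; only the arithmetic, the parameters and the transfer do.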
Subject: [Crypt::SSLeay] compile problems on HPUX
Hello,

I am trying to install the Crypt:SSLeay module on an HPUX 10.20 system, and am having trouble with it. Is this module even able to run on HPUX? Here is the error that I am receiving.

    Writing Makefile for Crypt::SSLeay
    # make test
    /opt/ansic/bin/cc -c -I/usr/local/ssl/include -D_HPUX_SOURCE -Aa -O -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" +z -I/opt/perl5.004/lib/PA-RISC1.1/5.004/CORE SSLeay.c
    Running Mkbootstrap for Crypt::SSLeay ()
    chmod 644 SSLeay.bs
    LD_RUN_PATH="/usr/local/ssl/lib" ld -o ./blib/arch/auto/Crypt/SSLeay/SSLeay.sl -b -L/usr/local/lib SSLeay.o -L/usr/local/ssl/lib -lssl -lcrypto
    ld: (Warning) At least one PA 2.0 object file (SSLeay.o) was detected. The linked output may not run on a PA 1.x system.
    ld: Invalid loader fixup for symbol "$002B0009".
    *** Error exit code 1
    Stop.

Thanks for any help you could provide!!

Ryan Block
HRIT I.T. Engineer
Hewlett Packard
2125 East Katella Avenue, Suite 400
Anaheim, CA 92806
(w) 714-940-7034
(p) 800-971-7876
No Subject
Hi,

I need to load a certificate from disk so I can check to see if its validity before time is in the future. I've been trying to use PEM_read_X509 but it crashes. Anyone got any examples that show how to successfully load a certificate from disk and view its contents? I can't find anything.

Cheers
Evan
IE problems with SSL handshake
Greetings

A few weeks ago I began to look at possibilities into implementing SSL into a webserver I work with. I began by looking at numerous examples (as well as ordering the SSL/TLS book I have heard so much about, but it still has not arrived), and after a lot of playing around I am able to establish an SSLv23 handshake.

I am able to establish a handshake w/ OpenSSL's 's_client' using the -ssl3 parameter along with -state -debug -showcerts for debugging information. No errors. Certificate information comes up and it seems all bytes were written and read correctly.

So, it came time to load up an HTTPS client and try it out. The first thing I did was load up IE and try to pull up the page (note, right now that the handshake is the only thing that is functional, it won't actually load up a page.) IE was not able to load up the certificate information, and a warning box came up and said 'ssl protocol error' or something along those lines. Other versions of IE didn't even give an error, but rather just a 'page cannot be displayed'.

Devastated (heh), I began to dig through the openssl-users archives to see what the problem could be. I came across a message about 'problems with IE but netscape can load it..' It was a message regarding mod_ssl with apache (and just explained some parameters you can pass inside httpd.conf to fix those issues) so not much said in the message was useful to me.

HOWEVER I was able to load the URL and establish an ssl connection w/ Netscape 4.7 and Netscape 6. It brought up the pretty certificate window and asked if I wanted to accept it / displayed the information correctly.

My question is: what's the deal with IE? What do I need to do to fix these kind of issues?

A few notes: I'm using SSL_set_fd() on a blocking file descriptor for the socket. I am doing error checking on SSL_accept() and it seems once in a while (only in IE) I will get an "SSL_ERROR_SSL" from SSL_get_error().

I thought about braving through the mod_ssl code to see what I could come up with but I thought I would check here first and see if you guys had any pointers.

Thanks in advance,
Joshua C. Bergeron
Re: Subject: [Crypt::SSLeay] compile problems on HPUX
On Thu, Feb 15, 2001 at 12:35:52PM -0700, BLOCK,RYAN (HP-PaloAlto,ex1) wrote:

> I am trying to install the Crypt:SSLeay module on an HPUX 10.20 system, and am having trouble with it. Is this module even able to run on HPUX? Here is the error that I am receiving.
>
> Writing Makefile for Crypt::SSLeay
> # make test
> /opt/ansic/bin/cc -c -I/usr/local/ssl/include -D_HPUX_SOURCE -Aa -O -DVERSION=\"0.22\" -DXS_VERSION=\"0.22\" +z -I/opt/perl5.004/lib/PA-RISC1.1/5.004/CORE SSLeay.c
> Running Mkbootstrap for Crypt::SSLeay ()
> chmod 644 SSLeay.bs
> LD_RUN_PATH="/usr/local/ssl/lib" ld -o ./blib/arch/auto/Crypt/SSLeay/SSLeay.sl -b -L/usr/local/lib SSLeay.o -L/usr/local/ssl/lib -lssl -lcrypto
> ld: (Warning) At least one PA 2.0 object file (SSLeay.o) was detected. The linked output may not run on a PA 1.x system.
> ld: Invalid loader fixup for symbol "$002B0009".
> *** Error exit code 1

Please check out whether you have OpenSSL with shared libraries. You cannot create a shared library (SSLeay.sl) with references to a statically linked library. There is a script in the shlib/ directory to build OpenSSL with shared libraries on HP-UX.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
CRL generation help
Hi,

I am doing the following to create a certificate revocation list.

1) openssl ca -revoke server.pem -config myca.cfg
   to revoke the certificate.

2) openssl ca -gencrl -config myca.cfg -out myca/crl/crl.pem
   to create the CRL.

Even if I swap the order around the following ALWAYS happens. When I view the CRL it states that there are no revoked certificates yet the index files have changed and seem to have revoked it or prepared to revoke it.

What am I missing from this sequence? Anyone have a clue about CRLs?

Help!

thanks
Evan
Re: crashes on AIX 4.2.1
On Wed, 14 Feb 2001, Richard Levitte - VMS Whacker wrote:

> [EMAIL PROTECTED] is there for reporting bugs.

allrighty, thanks.

> However, could you try to build OpenSSL with debugging options so the backtrace could provide a little more info. It might be a good thing to do the same with your own application at this time.

doing that now with the stable snapshot from today. "my own application" (which is actually ucd-snmp) was compiled with debug flags; that's why i included the dbx output below, and that's what pointed to RAND_bytes as the segfaulter. But I'll get to all that on the bug list. Thanks!

Ben

> bcollar> Segmentation fault in RAND_bytes at 0xd1e8898c
> bcollar> 0xd1e8898c (RAND_bytes+0x8) 800c lwz r0,0x0(r12)
> bcollar>
> bcollar> (dbx) where
> bcollar> RAND_bytes() at 0xd1e8898c
> bcollar> sc_random(??, ??), line 149 in "scapi.c"
> bcollar> init_usm_post_config(??, ??, ??, ??), line 2428 in "snmpusm.c"
> bcollar> snmp_call_callbacks(??, ??, ??), line 99 in "callback.c"
> bcollar> read_premib_configs(), line 474 in "read_config.c"
> bcollar> init_snmp(??), line 641 in "snmp_api.c"
> bcollar> snmp_parse_args(??, ??, ??, ??, ??), line 411 in "snmp_parse_args.c"
> bcollar> main(argc = 0, argv = (nil)), line 130 in "snmpget.c"
>
> --
> Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
> Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
> Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
> Software Engineer, Celo Communications: http://www.celocom.com/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See http://www.stacken.kth.se/~levitte/mail/ for more info.
RE: RSA Encrypt/Decrypt fails
PKCS#1 padding type 1 pads with 0xff bytes, and padding type 2 pads with random data (terminated with a 0x00 byte). You probably observed that RSA_eay_public_encrypt uses padding type 2 (random data), though RSA_eay_private_encrypt uses padding type 1. Since "RSA encryption" typically means encrypting with a public key (not a private key as in your case), then this implementation does use random padding bytes. You're encrypting with a private key which is not usually done other than for a signing operation.

I'm guessing that RSA_eay_private_encrypt uses padding type 1 since this function isn't intended for encrypting data, just signing it, because data that can be decrypted with a "public" key isn't really secure.

Steven
--
Steven Reddie [EMAIL PROTECTED]
Senior Software Engineer
Computer Associates Pty Ltd (Australia)

-----Original Message-----
From: Jan Zoellner [SMTP:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 12:13 AM
To: [EMAIL PROTECTED]
Subject: Re: RSA Encrypt/Decrypt fails

> I reimplemented the whole thing to be padded with random data (which are discarded upon decryption). PKCS#1 padding is worse than that, if I interpret the source correctly.
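The two block layouts described in the message above, built and parsed byte by byte. This is an added example, not OpenSSL's code or anything posted in the thread; the function names are hypothetical, the 32-byte modulus length is constructed, and the parser is illustrative rather than constant-time.

```python
import os

MIN_PS = 8  # PKCS#1 v1.5 requires at least 8 padding bytes


def _ps_len(data, k):
    """Length of the padding string for a k-byte modulus."""
    n = k - 3 - len(data)
    if n < MIN_PS:
        raise ValueError("data too long for a %d-byte modulus" % k)
    return n


def pad_type1(data, k):
    """Block type 1 (private-key operation): 00 01 FF..FF 00 data."""
    return b"\x00\x01" + b"\xff" * _ps_len(data, k) + b"\x00" + data


def pad_type2(data, k, rand=os.urandom):
    """Block type 2 (public-key encryption): 00 02 <nonzero random> 00 data."""
    want = _ps_len(data, k)
    ps = bytearray()
    while len(ps) < want:
        # Zero bytes are dropped: 00 is reserved as the terminator.
        ps += bytes(b for b in rand(want - len(ps)) if b)
    return b"\x00\x02" + bytes(ps[:want]) + b"\x00" + data


def unpad(block, k):
    """Return (block_type, data) or raise ValueError on a malformed block."""
    if len(block) != k or block[0] != 0 or block[1] not in (1, 2):
        raise ValueError("bad length or header")
    end = block.find(b"\x00", 2)
    if end < 0 or end - 2 < MIN_PS:
        raise ValueError("padding unterminated or shorter than 8 bytes")
    if block[1] == 1 and block[2:end] != b"\xff" * (end - 2):
        raise ValueError("type 1 padding must be all 0xFF")
    return block[1], block[end + 1:]


def repeats(pad, data, k, rounds=5):
    """True if padding the same data always yields the same block."""
    return len({pad(data, k) for _ in range(rounds)}) == 1


if __name__ == "__main__":
    k = 32  # constructed modulus length in bytes
    print(pad_type1(b"hello", k).hex())
    print(pad_type2(b"hello", k).hex())
    print(repeats(pad_type1, b"hello", k), repeats(pad_type2, b"hello", k))
```

Type 1 blocks are identical for identical data, so the RSA output is too; type 2 blocks differ on every call.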
problems on AIX
Howdy

I'm writing to both openssl-users and net-snmp-users because I'm not sure where the bug really lies, but here's the deal:

I've compiled net-snmp latest stable and openssl latest stable with -g using gcc on AIX 4.2.1. All net-snmp apps segfault instantly. This will cease to happen if I don't use openssl.

Now, I ran dbx on snmpget and get all this wacky fun stuff:

    [using memory image in core]

    Segmentation fault in RAND_bytes at 0xd0c7e644
    0xd0c7e644 (RAND_bytes+0x8) 800c lwz r0,0x0(r12)

hahah, what the heck does all that mean??? I know RAND_bytes is in openssl, but all the stabstring stuff? I dunno.

Thanks
Ben
Setting the bit to 128
Is there an option to openssl that enables you to set the bit to 128? I want to generate the cert using the CA.pl script, but by default it sets the bit to 40. I'd like to set the bit to 128. Can someone provide the syntax for this option?

Thanks.

- Wally Winzer Jr.
RE: RSA Encrypt/Decrypt fails
At 16.02.01 01:52, you wrote:

> I'm guessing that RSA_eay_private_encrypt uses padding type 1 since this function isn't intended for encrypting data, just signing it, because data that can be decrypted with a "public" key isn't really secure.

You're right about that. The main goal is indeed providing authenticity (without the need for a real digital signature, but MACs won't do), the encryption being a nice add-on effect.

I've reimplemented it with my own padding (random data), which I should've done from the beginning indeed. That still would've sent me into the modulo trap, though. :)

Ciao
Jan
Re: RSA Encrypt/Decrypt fails
At 15.02.01 18:19, you wrote:

> What's more, the attack I was referring to, as someone made me notice already, requires "e" messages, not 2, so it's more difficult to do if you use a large e, like 65535.

I've read this post as well. Thanks for all the info, guys, the code is now working as intended and is probably secure enough.

Ciao
Jan
Re: What does the e-value do?
Firstly I'd like to thank you for your help. I was always considering that e should be selected at random, so I'm really surprised at the answer. I'm eager to know why 65537 is selected as the e, and are there any facts proving it is better than other primes selected at random?

----- Original Message -----
From: "Joseph Ashwood" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 16, 2001 3:02 AM
Subject: Re: What does the "e-value" do?

> First a bit of background. RSA is this:
>
> p,q primes
> N=pq
> e=prime that is not a factor of p-1 or q-1 and not equal to p or q
> d = e^-1 mod (p-1)(q-1)
> public key = {e,N}
> private key = {d, N}
> Encryption = X = M^e mod N
> Decryption = M = X^d mod N
>
> The e-value you see in the call is the value e above. The recommendation of using 3 or 65537 is a speed decision, and I would definitely recommend 65537 over 3 for security reasons.
>
> Joe
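The RSA description in "Re: What does the e-value do?" and the follow-up question about 65537, worked through with toy numbers. This is an added example, not code from the thread or from OpenSSL; the primes, the sample message and the function names are constructed, and it uses the usual invertibility test gcd(e, (p-1)(q-1)) = 1.

```python
from math import gcd

# Toy primes constructed for this example; far too small for real use.
P_TOY = 2**32 - 5
Q_TOY = 2**64 - 59


def make_key(p, q, e):
    """Return (N, e, d) with d = e^-1 mod (p-1)(q-1), as in the post."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e shares a factor with (p-1)(q-1): no inverse d")
    return p * q, e, pow(e, -1, phi)      # pow(e, -1, m) needs Python 3.8+


def modexp_cost(e):
    """(squarings, multiplications) that square-and-multiply spends on M^e."""
    return e.bit_length() - 1, bin(e).count("1") - 1


def encrypt_raw(m, e, n):
    """Textbook RSA with no padding: X = M^e mod N."""
    if not 0 <= m < n:
        raise ValueError("message must be smaller than N")
    return pow(m, e, n)


def wraps_modulus(m, e, n):
    """True if M^e >= N, i.e. the reduction mod N actually changes the value."""
    if (m.bit_length() - 1) * e >= n.bit_length():
        return True                       # M^e >= 2^((bits-1)*e) >= N
    return m ** e >= n


def iroot(x, k):
    """Largest integer r with r**k <= x (binary search)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


if __name__ == "__main__":
    m = int.from_bytes(b"hi!", "big")     # short message, no padding
    for e in (3, 65537):
        n, _, d = make_key(P_TOY, Q_TOY, e)
        x = encrypt_raw(m, e, n)
        print(e, modexp_cost(e), "wraps:", wraps_modulus(m, e, n),
              "decrypts:", pow(x, d, n) == m)
    # With e = 3 the short message never reaches N, so X is just M cubed
    # and an ordinary integer cube root returns M without the private key.
    n3, _, _ = make_key(P_TOY, Q_TOY, 3)
    print(iroot(encrypt_raw(m, 3, n3), 3) == m)
    # A random-looking prime exponent costs many more multiplications.
    print(modexp_cost(65521))
```

Both 3 and 65537 have only two bits set, which is the speed argument; only 65537 forces a short unpadded message past the modulus, while with e = 3 a block has to be filled out to near the modulus size before the reduction takes effect.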