Re: RSA_public_encrypt max message length
Thanks to everyone for the help. I'll try what you suggested.

-Patrick

David Schwartz wrote:
> > In that case, is there some function in openssl to chain several
> > encrypts/decrypts together, so I can use the RSA functions to encrypt a DH
> > key exchange? Otherwise I'm just going to have to write some sort of
> > splitting and chaining operation, that splits the message up into chunks
> > of under RSA_size, encrypts each chunk as a separate operation, etc. Is
> > this what is normally done in this sort of situation?
>
> I'm baffled why you're trying to encrypt a public key. There should be no
> need to. In any event, if you do need to encrypt a larger-sized object,
> you've already been told how to do it. Generate a random key, encrypt the
> object with that random key using a symmetric cipher, and then encrypt the
> random key using RSA.
>
> DS
>
> __
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                          [EMAIL PROTECTED]
Re: RSA_public_encrypt max message length
In that case, is there some function in openssl to chain several
encrypts/decrypts together, so I can use the RSA functions to encrypt a DH key
exchange? Otherwise I'm just going to have to write some sort of splitting and
chaining operation, that splits the message up into chunks of under RSA_size,
encrypts each chunk as a separate operation, etc. Is this what is normally done
in this sort of situation?

-Patrick

Richard Levitte - VMS Whacker wrote:
> In message <[EMAIL PROTECTED]> on Fri, 04 Jun 2004 11:17:49 +0800, Patrick
> Coleman <[EMAIL PROTECTED]> said:
>
> pcoleman> Bulk encryption, I think. I just want to encrypt/decrypt >
> pcoleman> RSA_size(key) bytes in one operation.
>
> You can't encrypt/decrypt messages larger than the key with the RSA
> algorithm. It's part of the algorithm. Therefore, it's better (as some
> others have said) to encrypt/decrypt the message with a symmetric
> algorithm, using a randomly generated key that you in turn encrypt/decrypt
> using RSA (because the key is likely to be smaller than RSA_size(rsakey)).
>
> -
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
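The hybrid scheme that both this reply and David Schwartz's reply above describe, as an added example that is not code from the thread: the openssl command line plays sender and recipient, shows a 512-byte payload being refused by a direct RSA operation, and then wraps a random AES key with RSA-OAEP. It assumes an `openssl` binary (1.1.1 or 3.x) plus `cmp` and `mktemp` on PATH; the payload, key sizes and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread: the hybrid scheme both replies describe,
# done with the openssl command line. Assumes an `openssl` binary (1.1.1 or 3.x),
# plus `cmp` and `mktemp`; every file lives in a throwaway directory.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Recipient's RSA-2048 key pair: RSA_size(key) is 256 bytes, and one PKCS#1 v1.5
# encryption carries at most 256 - 11 = 245 bytes of plaintext.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/rsa.pem" 2>/dev/null
openssl pkey -in "$WORK/rsa.pem" -pubout -out "$WORK/rsa_pub.pem"

# Constructed 512-byte payload, the size of the DH public value in the thread.
openssl rand -out "$WORK/payload.bin" 512

# Feeding 512 bytes straight into RSA fails: the message is larger than the modulus.
rsa_direct_fails() {
    ! openssl pkeyutl -encrypt -pubin -inkey "$WORK/rsa_pub.pem" \
        -in "$WORK/payload.bin" -out "$WORK/direct.bin" 2>/dev/null
}

# Hybrid: a fresh random AES-256 key and IV; AES-CBC protects the payload and
# RSA-OAEP protects only the 32-byte key. The IV is not secret and travels in the
# clear. CBC gives confidentiality only; a real protocol adds a MAC or uses an AEAD.
hybrid_encrypt() {
    openssl rand -hex 32 > "$WORK/aes.key"
    openssl rand -hex 16 > "$WORK/aes.iv"
    openssl enc -aes-256-cbc -K "$(cat "$WORK/aes.key")" -iv "$(cat "$WORK/aes.iv")" \
        -in "$WORK/payload.bin" -out "$WORK/payload.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/rsa_pub.pem" -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -in "$WORK/aes.key" -out "$WORK/aes.key.enc"
}

# Recipient side: unwrap the key with the private RSA key, then decrypt the data.
# Returns 0 only when the recovered payload is byte-identical to the original.
hybrid_decrypt() {
    openssl pkeyutl -decrypt -inkey "$WORK/rsa.pem" -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -in "$WORK/aes.key.enc" -out "$WORK/aes.key.dec"
    openssl enc -d -aes-256-cbc -K "$(cat "$WORK/aes.key.dec")" -iv "$(cat "$WORK/aes.iv")" \
        -in "$WORK/payload.enc" -out "$WORK/payload.dec"
    cmp -s "$WORK/payload.bin" "$WORK/payload.dec"
}

rsa_direct_fails
echo "direct RSA encryption of 512 bytes was refused, as expected"
hybrid_encrypt
hybrid_decrypt
echo "hybrid round trip recovered the payload"
```

What crosses the wire is `payload.enc`, `aes.iv` and `aes.key.enc`; only the last one is RSA-sized, whatever the payload length.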
Re: RSA_public_encrypt max message length
Oh, I realise what you meant now. I'm using the encryption for DH, which I
guess counts as key exchange :) The DH public parameters are 512 bytes, and
RSA_size gives 256 for a keylength of 2048. I don't really want to go too much
above this (speed - is this reasonable?). When you say that the ciphers operate
on a digest for key exchange, how would you do that? Might make things easier.

Thanks,
Patrick

ET Tan wrote:
> Then you should choose one of the symmetric ciphers (aes, des, ...).
> Asymmetric ciphers like rsa/dsa are for key exchange/signing only, and for
> these purposes, these ciphers operate on a digest (which is little) rather
> than the data itself.
>
> - Original Message -
> From: "Patrick Coleman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, June 04, 2004 11:17 AM
> Subject: Re: RSA_public_encrypt max message length
>
> > Bulk encryption, I think. I just want to encrypt/decrypt > RSA_size(key)
> > bytes in one operation.
> >
> > Thanks,
> > Patrick
> >
> > ET Tan wrote:
> > > What were you trying to do? Key exchange or bulk encryption?
> > >
> > > - Original Message -
> > > From: "Patrick Coleman" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, June 04, 2004 10:53 AM
> > > Subject: RSA_public_encrypt max message length
> > >
> > > > Hi,
> > > >
> > > > When encrypting strings with RSA_public_encrypt, I can't seem to
> > > > encrypt more than RSA_size(key) bytes. Is there any way to encrypt
> > > > more than this number of bytes in a single call to RSA_public_encrypt
> > > > (or a similar function)?
> > > >
> > > > Thanks,
> > > > Patrick
Re: RSA_public_encrypt max message length
Bulk encryption, I think. I just want to encrypt/decrypt > RSA_size(key) bytes
in one operation.

Thanks,
Patrick

ET Tan wrote:
> What were you trying to do? Key exchange or bulk encryption?
>
> - Original Message -
> From: "Patrick Coleman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, June 04, 2004 10:53 AM
> Subject: RSA_public_encrypt max message length
>
> > Hi,
> >
> > When encrypting strings with RSA_public_encrypt, I can't seem to encrypt
> > more than RSA_size(key) bytes. Is there any way to encrypt more than this
> > number of bytes in a single call to RSA_public_encrypt (or a similar
> > function)?
> >
> > Thanks,
> > Patrick
RSA_public_encrypt max message length
Hi,

When encrypting strings with RSA_public_encrypt, I can't seem to encrypt more
than RSA_size(key) bytes. Is there any way to encrypt more than this number of
bytes in a single call to RSA_public_encrypt (or a similar function)?

Thanks,
Patrick
Re: non-blocking BIO
For SSL_accept, you need to make the underlying socket non-blocking, rather
than a non-blocking BIO. You can make a socket non-blocking with the 'fcntl'
system call (check the manpages). You may also be interested in the excellent
sockets tutorial 'Beej's Guide to Network Programming' located at
http://www.ecst.csuchico.edu/~beej/guide/net/html/

Once you have made a socket, and set it non-blocking, create your SSL object as
usual and the SSL connection should then be non-blocking. There are some other
issues though (particularly when using select), see the following two articles
for more info:
http://www.linuxjournal.com/article.php?sid=4822
http://www.linuxjournal.com/article.php?sid=5487

Hope that helps,
Patrick

On Mon, 17 May 2004 8:00 pm, Alexis Lefort wrote:
> Hi all,
>
> My server sometimes blocks on the call to SSL_accept() because my client
> crashes on SSL_connect. In many man pages it is told that a BIO can be
> blocking or non-blocking. But how can I create a non-blocking BIO (This
> would solve my problem I hope).
> Thanks in advance.
>
> Alexis

--
RedHerring: Linux wiki support and tutorials http://covox.sepwich.com/linux
CECID: The CEnsorship CIrcumvention Device http://cecid.sf.net
DH Confusion
Hi,

I'm a little confused as to how Diffie-Hellman works with openssl. Once the
key is generated, which part of the DH struct do you need to send to the other
party? I have tried printing dh->pub_key to a terminal, but all I got was '0'.
Is this normal? Is there a standard way of formatting such information before
it gets sent over the wire (or output to screen)?

Thanks in advance,
Patrick
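As an added example that is not part of the post, here is the part of a DH key pair that goes to the other party, done at the openssl command line instead of through the DH struct: each side exports only its public key in the standard SubjectPublicKeyInfo encoding, the public value is shown as hex (what BN_bn2hex() gives for the BIGNUM in C), and both sides derive the same shared secret. It assumes an `openssl` binary (1.1.1 or 3.x) plus `cmp`, `sed`, `head` and `mktemp` on PATH; the party names alice and bob and the file names are constructed.

```shell
#!/bin/sh
# Added example, not from the post: which part of a DH key pair is sent to the
# peer, shown with the openssl command line instead of the DH struct. Assumes an
# `openssl` binary (1.1.1 or 3.x), plus `cmp`, `sed`, `head` and `mktemp`.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Group parameters (p and g) shared by both sides; they are not secret and may
# be fixed in advance or sent in the clear. -dsaparam keeps generation fast.
openssl dhparam -dsaparam -out "$WORK/dhparams.pem" 2048 2>/dev/null

# Each party keeps priv_key to itself and exports only pub_key. The exported
# SubjectPublicKeyInfo PEM (or its DER form) is the standard wire encoding.
make_party() {
    openssl genpkey -paramfile "$WORK/dhparams.pem" -out "$WORK/$1.pem" 2>/dev/null
    openssl pkey -in "$WORK/$1.pem" -pubout -out "$WORK/$1_pub.pem"
}

# Print pub_key as hex, which is what BN_bn2hex() gives for the BIGNUM in C;
# streaming the BIGNUM pointer itself to a terminal shows nothing meaningful.
show_pub() {
    openssl pkey -pubin -in "$WORK/$1_pub.pem" -text -noout | sed -n '/public-key/,$p' | head -4
}

# Each side combines its own private key with the peer's public key.
# Returns 0 only when both derived secrets are byte-identical.
derive_and_compare() {
    openssl pkeyutl -derive -inkey "$WORK/alice.pem" -peerkey "$WORK/bob_pub.pem" \
        -out "$WORK/alice.secret"
    openssl pkeyutl -derive -inkey "$WORK/bob.pem" -peerkey "$WORK/alice_pub.pem" \
        -out "$WORK/bob.secret"
    cmp -s "$WORK/alice.secret" "$WORK/bob.secret"
}

make_party alice
make_party bob
show_pub alice
derive_and_compare
echo "both sides derived the same $(wc -c < "$WORK/alice.secret" | tr -d ' ')-byte shared secret"
```

Only `alice_pub.pem` and `bob_pub.pem` leave their owners; the shared secret is never transmitted and should be fed through a KDF rather than used directly as a cipher key.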
Blowfish Key Length
Hi,

What blowfish key length is used when I run a command like:

openssl enc -bf -in "file.txt" -out "file.txt.enc" -pass file:./passfile -e -nosalt

Can the key length be changed? I can't seem to find an option in the manpages
that does this.

Thanks,
Patrick
Re: Regarding all the spam...
> I think just simply requiring people to be list members before posting
> would be enough to make a big impact.

You don't necessarily have to force people to become members. Just ensure that
all anonymous posts are moderated, and the problem is solved. The spam, viruses
and anonymous posts get redirected to one administrator's inbox, who agrees to
put up with them, and legit anonymous posts are allowed into the list from
there. Everyone is happy. I've set this up for a couple of lists I manage after
problems with spam, and it works well.

I do agree with Lance, though, about the irony of the fact that we're
generating more mail discussing this than the spammers themselves :)

-Patrick
Replay attack prevention
Hi,

Am I right in thinking that OpenSSL prevents replay attacks by including a
random nonce with each packet?

Thanks,
Patrick
Strange garbage in RSA decryption
Hi,

I'm trying to do some basic encryption/decryption tests with the openssl RSA
routines. A message seems to encrypt ok, but when it decrypts there's some
random garbage appended onto the end. Is this normal, or is it a bug in my
code? This is what I'm doing:

#include
#include
#include
#include
#include

using namespace std;

int main() {
    string message;
    char pubfile[128], privfile[128], seed[1024];
    unsigned int keylength;
    RSA *key;

    cout<<"Test encryption program for OpenSSL.\n";
    cout<<"Key Generation:\nEnter a keylength (bits):\n";
    cin>>keylength;
    key = RSA_generate_key(keylength, 65537, NULL, NULL);
    cout<<"Enter message:\n";
    ws(cin);
    getline(cin,message);
    cout<<"Your message is: "<

This is the output I get from it:

bash-2.05b# ./encrypt
Test encryption program for OpenSSL.
Key Generation:
Enter a keylength (bits):
2048
Enter message:
Testing, Testing, 123
Your message is: Testing, Testing, 123
Size: 21
Keysize: 256
Ciphertext: ,éGéï¯+¦'áñSö¤XÍðw3ýjÙ\:£?ÞX¦§¬Í
Decrypted: Testing, Testing, [EMAIL PROTECTED]@0òÿ¿òÿ¿
bash-2.05b#

The garbage I'm talking about is the '[EMAIL PROTECTED]@0òÿ¿òÿ¿' appended to
the original message 'Testing, Testing, 123'.

Thanks for any assistance,
Patrick