List Info

Thread: gcry_pk_decrypt and leading zeros in the decrypted output
gcry_pk_decrypt and leading zeros in the decrypted output
user name
 2006-09-12 14:44:31 
Hello

gcry_pk_decrypt creates an s-exp of the decryption result.
If passed
something like "(enc-val(flags)(rsa (a%m)))" it
returns "(value
plaintext)". Now if the data is encoded as
EME-PKCS1-v1_5 it has
a leading zero byte. Libgcrypt seems to want to delete that
when I use gcry_sexp_nth_data (and also with
gcry_sexp_nth_mpi).

It seems very unsafe to assume that there was a leading zero
byte that got deleted by libgcrypt as many programs using
libgcrypt seem to do.

What is the correct way to get the value from the decryption
result
sexp while preserving any possible leading zero bytes?

- Einar Karttunen

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-develgnupg.org

http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
gcry_pk_decrypt and leading zeros in the decrypted output
user name
 2006-09-12 14:44:31 
Hello

gcry_pk_decrypt creates an s-exp of the decryption result.
If passed
something like "(enc-val(flags)(rsa (a%m)))" it
returns "(value
plaintext)". Now if the data is encoded as
EME-PKCS1-v1_5 it has
a leading zero byte. Libgcrypt seems to want to delete that
when I use gcry_sexp_nth_data (and also with
gcry_sexp_nth_mpi).

It seems very unsafe to assume that there was a leading zero
byte that got deleted by libgcrypt as many programs using
libgcrypt seem to do.

What is the correct way to get the value from the decryption
result
sexp while preserving any possible leading zero bytes?

- Einar Karttunen

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-develgnupg.org

http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
gcry_pk_decrypt and leading zeros in the decrypted output
user name
 2006-09-13 09:53:41 
On Tue, 12 Sep 2006 16:44, Einar Karttunen said:

> a leading zero byte. Libgcrypt seems to want to delete
that
> when I use gcry_sexp_nth_data (and also with
gcry_sexp_nth_mpi).

Internally these are all MPIs.  Thus it makes no difference
what
function you use to retrieve it.

> It seems very unsafe to assume that there was a leading
zero
> byte that got deleted by libgcrypt as many programs
using

Why do you think it is unsafe?  Leading zeroes of numbers
are
meanigless in computations.  When computing m = c^d mod n
there won't
be a leading zero.  We need to invent it.  The reason pkcs#1
requires
the leading zero is to state that this is a non-negative
number and
less than n.

> What is the correct way to get the value from the
decryption result
> sexp while preserving any possible leading zero bytes?

You don't need the leading zero.  Take a normalized MPI and
check that
it is not negative (the latter is always true for our rsa
implementation).


Salam-Shalom,

   Werner


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-develgnupg.org

http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )