Decryption using public key

alan....@the-logic-group.com

Oct 19, 2007, 8:35:35 AM
to dev-tec...@lists.mozilla.org
I am currently trying to convert from OpenSSL to NSS (seemed like a good
idea at the time). The code that I currently have an issue with is
essentially ...

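    /* Build an RSA public key from the raw modulus and exponent bytes. */
    key = RSA_new();
    if (key) {
        key->n = BN_bin2bn(IssPubKey, IssPubKeyLgth, NULL);
        key->e = BN_bin2bn(PubKeyExponent->value, PubKeyExponent->lgth, NULL);
        /* Raw public-key operation on the received block, no padding removed. */
        decrypt_lgth = RSA_public_decrypt(lgth, value,
                                          (unsigned char *)recovered, key,
                                          RSA_NO_PADDING);
    }
    RSA_free(key);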


but the key is a public key.


I originally thought that function PK11_PubDecryptRaw would provide the
same outcome (having encoded and imported the key - see NSS tech note #7)
but now realise that it only uses a private key (the normal way of doing
things) and cannot be used with a public key. I cannot find any other
function that will do this - so, is there a function that I haven't
spotted yet or am I completely wrong with this approach?!


Any help or ideas greatly appreciated.

-- Alan Morris
The Logic Group
Tel: +44 (0)1252 644021


The Logic Group Enterprises Limited
Logic House, Waterfront Business Park, Fleet Road, Fleet, Hampshire, GU51 3SB, UK
Registered in England. Registered No. 2609323

David Stutzman

Oct 19, 2007, 9:38:19 AM
alan....@the-logic-group.com wrote:
> I am currently trying to convert from OpenSSL to NSS (seemed like a good
> idea at the time).

Most here would argue it's a good idea :).

That's a fairly small look at the code. What is it that you are
actually trying to accomplish with the crypto code? How did you encrypt
the data that you are trying to decrypt with a public key?

Usually, you encrypt stuff with a symmetric key that is wrapped with the
recipient's public key and the recipient unwraps the symmetric key with
their private and decrypts the data.

Dave

Wan-Teh Chang

Oct 19, 2007, 10:17:29 AM
to dev-tec...@lists.mozilla.org
On 10/19/07, alan....@the-logic-group.com <alan....@the-logic-group.com> wrote:
> I am currently trying to convert from OpenSSL to NSS (seemed like a good
> idea at the time). The code that I currently have an issue with is
> essentially ...
>
> key=RSA_new();
> if (key) {
> key->n=BN_bin2bn(IssPubKey,IssPubKeyLgth,NULL);
> key->e=BN_bin2bn(PubKeyExponent->value,PubKeyExponent->lgth,NULL);
> decrypt_lgth=RSA_public_decrypt(lgth, value, (unsigned char
> *)recovered, key, RSA_NO_PADDING);
> }
> RSA_free(key);
>
>
> but the key is a public key.
>
>
> I originally thought that function PK11_PubDecryptRaw would provide the
> same outcome (having encoded and imported the key - see NSS tech note #7)
> but now realise that it only uses a private key (the normal way of doing
> things) and cannot be used with a public key. I cannot find any other
> function that will do this - so, is there a function that I haven't
> spotted yet or am I completely wrong with this approach? !

Alan,

Try PK11_PubEncryptRaw, PK11_PubEncryptPKCS1, PK11_VerifyRecover,
and PK11_Verify. Use our LXR source code browser to look at these
functions, for example:
http://lxr.mozilla.org/security/ident?i=PK11_PubEncryptRaw

Because of the RSA_NO_PADDING flag in the OpenSSL code, I
think PK11_PubEncryptRaw is the function you need. This function's
name is very confusing for what you'll use it for. You can consider
it as if the function were named PK11_VerifyRecoverRaw.

Wan-Teh

David E. Ross

Oct 19, 2007, 11:15:40 AM
On 10/19/2007 5:35 AM, alan....@the-logic-group.com wrote:
> I am currently trying to convert from OpenSSL to NSS (seemed like a good
> idea at the time). The code that I currently have an issue with is
> essentially ...
>
> key=RSA_new();
> if (key) {
> key->n=BN_bin2bn(IssPubKey,IssPubKeyLgth,NULL);
> key->e=BN_bin2bn(PubKeyExponent->value,PubKeyExponent->lgth,NULL);
> decrypt_lgth=RSA_public_decrypt(lgth, value, (unsigned char
> *)recovered, key, RSA_NO_PADDING);
> }
> RSA_free(key);
>
>
> but the key is a public key.
>
>
> I originally thought that function PK11_PubDecryptRaw would provide the
> same outcome (having encoded and imported the key - see NSS tech note #7)
> but now realise that it only uses a private key (the normal way of doing
> things) and cannot be used with a public key. I cannot find any other
> function that will do this - so, is there a function that I haven't
> spotted yet or am I completely wrong with this approach? !
>
>
> Any help or ideas greatly appreciated.
>

Here, X.509 keys are used very much like OpenPGP keys. Public keys
encrypt; private keys decrypt. See my
<http://www.rossde.com/PGP/pgp_encrypt.html#basic>.

By the way, your signature should have the "-- " (dash-dash-space) on a
line of its own. This is per Section 4.3 of RFC 3676.

--
David E. Ross
<http://www.rossde.com/>

Natural foods can be harmful: Look at all the
people who die of natural causes.

Wan-Teh Chang

Oct 19, 2007, 12:49:34 PM
to dev-tec...@lists.mozilla.org
On 10/19/07, David E. Ross <nob...@nowhere.not> wrote:
> On 10/19/2007 5:35 AM, alan....@the-logic-group.com wrote:
> > I am currently trying to convert from OpenSSL to NSS (seemed like a good
> > idea at the time). The code that I currently have an issue with is
> > essentially ...
> >
> > key=RSA_new();
> > if (key) {
> > key->n=BN_bin2bn(IssPubKey,IssPubKeyLgth,NULL);
> > key->e=BN_bin2bn(PubKeyExponent->value,PubKeyExponent->lgth,NULL);
> > decrypt_lgth=RSA_public_decrypt(lgth, value, (unsigned char
> > *)recovered, key, RSA_NO_PADDING);
> > }
> > RSA_free(key);
> >
> >
> > but the key is a public key.
>
> Here, X.509 keys are used very much like OpenPGP keys. Public keys
> encrypt; private keys decrypt. See my
> <http://www.rossde.com/PGP/pgp_encrypt.html#basic>.

The RSA_public_decrypt man page indicates that this is a low-level
signature function. You use a public key to decrypt an RSA signature
so that you can verify the recovered hash.

The NSS function PK11_PubEncryptRaw performs the same
mathematical operation as RSA_public_decrypt(..., RSA_NO_PADDING),
even though PK11_PubEncryptRaw is originally intended for RSA
encryption.

Wan-Teh

a_d.m...@hotmail.co.uk

Oct 19, 2007, 2:13:11 PM
On Oct 19, 2:38 pm, David Stutzman <dstutzman*at*dsci.com> wrote:

Firstly, let me say that I may be talking out of places that are not
generally used for that purpose - please feel free to point out any
obvious misunderstanding on my part!

The data that I am trying to decrypt has been obtained from a third
party source and was encrypted by that source using their private
key. The data retrieved contains several fields (including a hash
value) - I have to decrypt the data - re-evaluate the hash (from data
held in the fields) and compare it against the retrieved hash - at
which point we can assume that the data is from a valid source.

-- Alan Morris
-- Tel: +44 (0)1252 644021

alan....@the-logic-group.com

Oct 19, 2007, 4:17:53 PM
On Oct 19, 3:17 pm, "Wan-Teh Chang" <w...@google.com> wrote:
> On 10/19/07, alan.mor...@the-logic-group.com
> Wan-Teh

I know that you suggest PK11_PubEncryptRaw but I am trying to
decrypt.

-- Alan M

Wan-Teh Chang

Oct 19, 2007, 5:31:02 PM
to dev-tec...@lists.mozilla.org
On 19 Oct 2007 13:17:53 -0700, alan....@the-logic-group.com <alan....@the-logic-group.com> wrote:
>
> I know that you suggest PK11_PubEncryptRaw but I am trying to
> decrypt.

You are trying to verify an RSA signature (by decrypting it with the
public key).

RSA public and private keys can be used symmetrically. The
mathematical operation is the same: modular exponentiation
(raise the input to a power, and then take the modulo).

PK11_PubEncryptRaw performs the mathematical operation
you need. NSS doesn't have a variant of PK11_VerifyRecover that omits
PKCS #1 RSA padding. So you need to use PK11_PubEncryptRaw.
I'm sorry this is confusing.

If the RSA signature you need to verify actually has
PKCS #1 RSA padding, then you can use PK11_VerifyRecover
or even PK11_Verify to replace the code you need to do after
RSA_public_decrypt.

Wan-Teh

David E. Ross

Oct 19, 2007, 11:51:37 PM

Yes. That's described at my
<http://www.rossde.com/PGP/pgp_signatures.html#generate>.

The content is neither encrypted nor decrypted. The content is hashed,
creating a hashed digest. The digest is then encrypted by the private
key to create the signature.

To verify the signature, the signature is decrypted to recover the
hashed digest. The content is again hashed and compared against the
decrypted digest.

For digital signatures with RSA keys, the private key is used to encrypt
the hashed digest, and the public key is used to recover (decrypt) the
digest. This is the reverse of encrypting for security, in which the
public key encrypts and the private key decrypts. In OpenPGP with
DSS/DH keys, the DSS portion of the key is used for signature
encryption, and the DH portion is used for security encryption.

alan....@the-logic-group.com

Oct 23, 2007, 10:06:19 AM
On 19 Oct, 22:31, "Wan-Teh Chang" <w...@google.com> wrote:
> On 19 Oct 2007 13:17:53 -0700, alan.mor...@the-logic-group.com

Well, contrary to my expectations, I have now got the code working
with PK11_PubEncryptRaw - so again a big thank you.

-- Alan M

Wan-Teh Chang

Oct 23, 2007, 1:14:34 PM
to dev-tec...@lists.mozilla.org
On 10/23/07, alan....@the-logic-group.com <alan....@the-logic-group.com> wrote:
>
> Well, contrary to my expectations, I have now got the code working
> with PK11_PubEncryptRaw - so again a big thank you.

Glad to hear that.

If after you decrypt the data with the RSA public key, you check for
PKCS #1 padding and decode an ASN.1 DigestInfo structure to get
the hash (message digest), then you can replace all this code with
PK11_Verify or PK11_VerifyRecover.

Wan-Teh
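
The two points made in the replies above (the raw RSA operation is a single modular exponentiation whichever exponent is supplied, and after a raw public-key operation the caller has to check any PKCS #1 padding itself), as an added C example that is not code from the thread, NSS or OpenSSL. The names rsa_raw, pkcs1_type1_unpad and recovered_matches, the sample bytes, and the toy key (n = 3233, e = 17, d = 2753) are assumptions made for illustration; the key is far too small for real use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Raw RSA: one modular exponentiation, whichever exponent is supplied.
 * Toy operands only (mod < 2^32); real keys need a bignum library. */
uint64_t rsa_raw(uint64_t in, uint64_t exp, uint64_t mod)
{
    uint64_t out = 1;
    for (in %= mod; exp; exp >>= 1) {
        if (exp & 1) out = out * in % mod;
        in = in * in % mod;
    }
    return out;
}

/* Constructed sample: 00 01, eight FF bytes, 00, then a 5-byte stand-in
 * for the DigestInfo a real signature block would carry. */
const unsigned char SAMPLE_EM[16] = { 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE };
const unsigned char SAMPLE_PAYLOAD[5] = { 0xAA, 0xBB, 0xCC, 0xDD, 0xEE };

/* Check PKCS #1 v1.5 block type 1 padding on a recovered block of modulus
 * length. Returns 0 and points *payload past the padding, -1 if malformed. */
int pkcs1_type1_unpad(const unsigned char *em, size_t em_len,
                      const unsigned char **payload, size_t *payload_len)
{
    size_t i = 2;
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x01) return -1;
    while (i < em_len && em[i] == 0xFF) i++;
    if (i < 10 || i == em_len || em[i] != 0x00) return -1; /* >= 8 FF, then 00 */
    *payload = em + i + 1;
    *payload_len = em_len - i - 1;
    return 0;
}

/* 1 only if padding is valid and the payload equals the expected bytes exactly. */
int recovered_matches(const unsigned char *em, size_t em_len,
                      const unsigned char *expected, size_t expected_len)
{
    const unsigned char *p; size_t n;
    if (pkcs1_type1_unpad(em, em_len, &p, &n) != 0) return 0;
    return n == expected_len && memcmp(p, expected, n) == 0;
}

int main(void)
{
    return !(rsa_raw(rsa_raw(65, 2753, 3233), 17, 3233) == 65 &&
             recovered_matches(SAMPLE_EM, 16, SAMPLE_PAYLOAD, 5));
}
```

With a real key the recovered block would come from the library's raw public-key call, and the expected bytes would be built from the hash recomputed over the received fields.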
