LinuxQuestions.org
Old 08-05-2002, 05:38 PM   #1
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
RSA public key encryption/private key decryption


Hallo all

I'm using the openssl package for a project I'm working on, and have come across the following in the RSA_public_encrypt man page.

"Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure."

What I would like to know is why this is insecure, and how does padding help. I've tried padding using RSA_PKCS1_OAEP_PADDING, but this causes data to encrypt to different "target" values. So say I encrypt the string "this string is to be encrypted" 5 or 6 times, I will end up with 5 or 6 different encrypted versions. For what I'm using it, this is not quite acceptable - the same string should encrypt to the same value each and every time (yes - this is probably slightly insecure - but it is needed). So what I did was pad whatever I get up to a multiple of 128 bytes with 0's (I still want to change this, based upon the input data pad it otherwise). Then encrypt each block of 128 bytes with no padding. Is this ok, or is it as the man pages suggest - REALLY BAD?

Thanks beforehand for all help

koningshoed
 
Old 08-08-2002, 08:25 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,709
Blog Entries: 54

Rep: Reputation: 2965
Maybe this, this or this can help.
*Citeseer has a *lot* of references, you just gotta know how to get to the actual text. Select a reference, select update, and the URI then is at the bottom of the page.

HTH somehow.
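The difference the first post asks about, as an added example (not code from the thread or from OpenSSL): zero-padded bare RSA is deterministic and multiplicative, so anyone holding the public key can test guesses against a ciphertext, while a fresh random prefix per encryption removes that equality leak. The toy key, the helper names and the random-prefix padding are assumptions made for illustration; the prefix is a stand-in that only shows the effect of randomness and is not OAEP.

```python
import secrets

# Constructed toy key built from two Mersenne primes. Trivially factorable;
# it only serves to make the arithmetic runnable without OpenSSL.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() - 1) // 8      # bytes that always fit below N
R = 16                             # random bytes per block in the padded variant

def raw_encrypt(msg: bytes) -> int:
    """Zero-pad to one block and apply bare RSA, like the scheme in the first post."""
    if len(msg) > K:
        raise ValueError("message longer than one block")
    return pow(int.from_bytes(msg.ljust(K, b"\0"), "big"), E, N)

def raw_decrypt(ct: int) -> bytes:
    return pow(ct, D, N).to_bytes(K, "big").rstrip(b"\0")

def randomized_encrypt(msg: bytes) -> int:
    """Stand-in for randomized padding (NOT OAEP): fresh random prefix per call."""
    if len(msg) > K - R:
        raise ValueError("message too long for padded block")
    block = secrets.token_bytes(R) + msg.ljust(K - R, b"\0")
    return pow(int.from_bytes(block, "big"), E, N)

def randomized_decrypt(ct: int) -> bytes:
    return pow(ct, D, N).to_bytes(K, "big")[R:].rstrip(b"\0")

def confirm_guess(ct: int, candidates):
    """Public-key-only check: deterministic encryption lets any holder of the
    public key test candidate plaintexts against a ciphertext."""
    return next((c for c in candidates if raw_encrypt(c) == ct), None)

def product_decrypts_to_product(a: int, b: int) -> bool:
    """Bare RSA is multiplicative: E(a)*E(b) mod N decrypts to a*b mod N."""
    return pow(pow(a, E, N) * pow(b, E, N) % N, D, N) == (a * b) % N

if __name__ == "__main__":
    msg = b"this string is to be encrypted"
    print(raw_encrypt(msg) == raw_encrypt(msg))                # same ciphertext every time
    print(randomized_encrypt(msg) == randomized_encrypt(msg))  # differs per call
    print(confirm_guess(raw_encrypt(b"yes"), [b"no", b"yes"]))
    print(product_decrypts_to_product(12345, 67890))
```
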