Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: gcrypt

gcry_pk_decrypt and leading zeros in the decrypted output

 

 

GnuPG gcrypt RSS feed   Index | Next | Previous | View Threaded


ekarttun at cs

Sep 12, 2006, 7:44 AM

Post #1 of 2 (1057 views)
Permalink
gcry_pk_decrypt and leading zeros in the decrypted output

Hello

gcry_pk_decrypt creates an s-exp of the decryption result. If passed
something like "(enc-val(flags)(rsa (a%m)))" it returns "(value
plaintext)". Now if the data is encoded as EME-PKCS1-v1_5 it has
a leading zero byte. Libgcrypt seems to want to delete that
when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

It seems very unsafe to assume that there was a leading zero
byte that got deleted by libgcrypt as many programs using
libgcrypt seem to do.

What is the correct way to get the value from the decryption result
sexp while preserving any possible leading zero bytes?

- Einar Karttunen

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel


wk at gnupg

Sep 13, 2006, 2:53 AM

Post #2 of 2 (979 views)
Permalink
Re: gcry_pk_decrypt and leading zeros in the decrypted output [In reply to]

On Tue, 12 Sep 2006 16:44, Einar Karttunen said:

> a leading zero byte. Libgcrypt seems to want to delete that
> when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

Internally these are all MPIs. Thus it makes no difference what
function you use to retrieve it.

> It seems very unsafe to assume that there was a leading zero
> byte that got deleted by libgcrypt as many programs using

Why do you think it is unsafe? Leading zeroes of numbers are
meanigless in computations. When computing m = c^d mod n there won't
be a leading zero. We need to invent it. The reason pkcs#1 requires
the leading zero is to state that this is a non-negative number and
less than n.

> What is the correct way to get the value from the decryption result
> sexp while preserving any possible leading zero bytes?

You don't need the leading zero. Take a normalized MPI and check that
it is not negative (the latter is always true for our rsa
implementation).


Salam-Shalom,

Werner


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

GnuPG gcrypt RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.