Erwann ABALEA wrote:
> Notice that you used the -sign argument, to *sign* your data. Therefore, > it *seems* to be encrypted (i.e. you can see garbage in your data.enc > file). Yes, I know I use method meant for signatures only... That is exactly why I'm asking if it is secure for encryption or not, since it is not self-evident, nor clear from any documents I've found. (I'm not actually sure if you indirectly answered this question in your reply, as unfortunately I don't have time to dig into crytography theory. That is why I'm asking this question here on the list, and hoping to get a yes/no-type answer. Sorry if I sound dumb ;). > In your design, the method used won't be > the same, in the sense that the modulus is not known, and the public > exponent is known (if you generate the key with the above procedure). > Therefore the way to obtain the public key is to get the modulus. I don't > personally know any method to get the modulus from the plain text and it's > associated cipher text other than 'hacking' the recipients. Ok, thanks. Does anybody here know more, or could give educated guess based on their mathematical knowledge about RSA crypto? Thank you, this has been most helpful reply this far. Seems like I asked a difficult (or difficult to understand?) question... :-) Ok, let's forget my practical application, and ask a purely theoretical question: "How easy or difficult it is to decrypt RSA private key encrypted data (or even discover the correct public key) without having the corresponding public key? The key used is generic 2048b RSA key." -- Ari Hyttinen Patria Ailon GSM: +358-50-3415081 E-mail: [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
