On Fri, Oct 03, 2003, Dave wrote:

> On Mon, Sep 29, 2003, Dr Stephen Henson wrote:
> 
> 
> Aside from issuer name and serial number, I also have other questions:
> 
> On Mon, Sep 29, 2003, I wrote:
> 
> > (I first wanted to encrypt the cleartext file with each of those 20 
> > certificates files, and then to compare the MD5 checksum against the MD5 sum 
> > of the "mysterious" encrypted file. I guess this doesn't work because 2 
> > successive encryptions of a given file with a given key seem to yield 
> > different encrypted files)
> 
> 
> This is what I actually did :
> 
> # openssl smime -encrypt -in cleartext -out test1 certificate.crt
> # openssl smime -encrypt -in cleartext -out test2 certificate.crt
> # openssl smime -encrypt -in cleartext -out test3 certificate.crt
> # openssl smime -encrypt -in cleartext -out test4 certificate.crt
> # openssl smime -encrypt -in cleartext -out test5 certificate.crt
> # cp test1 copy1
> # md5sum *
> 
> 
> 719ad63dbda4a607480ab8fa00c99a3b  copy1
> <snip>
> 719ad63dbda4a607480ab8fa00c99a3b  test1
> 5e368e517c75d1307a23fc85076dc3b0  test2
> b45ac4071a1b133a3505c906838ea3bd  test3
> c539a908bb79792a8ff98e912efef7d9  test4
> 178dac41201d36379275dd2ee06b4498  test5
> 
> 
> QUESTION 1:
> So I wanted to ask why it is beneficial/necessary that "2 encryptions of a 
> given file with a given key yield different encrypted files". And also how
> is it achieved ?
> 
> 
> # openssl smime -encrypt -in cleartext -out file certificate.crt
> 
> From the man page, this command uses the RC2 40bit algorithm.
> I have had a quick look at the RC2 description but it didn't mention any 
> pseudo-random operation.
> (http://www.ipa.go.jp/security/rfc/RFC2268EN.html)
> 
> 
> 
> QUESTION 2:
> On a side note, the certificate was generated from a 2048-bit private key.
> The encryption command didn't report any warning/error, so how does it handle
> that key? ... 40bit RC2 with a 2048bit key ... I'm lost here.
> 

When you encrypt data with S/MIME OpenSSL generates a random key which is used
to encrypt the message content. It then encrypts this key using the recipient's
key or keys. 

The RSA scheme used can encrypt data of any size up to modulus_size - 11,
where modulus_size is in bytes.

So this random key results in the behaviour you are seeing.

In fact even if you used the same key the digests would be different because
the RSA scheme also adds random data, see the PKCS#1 spec on RSA's site for
more info.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

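The two sources of randomness Steve describes, shown end to end as an added example (this is not OpenSSL's code and was not posted in the thread). It builds a toy RSA key from two hard-coded Mersenne primes (an assumption for the demo, never a real key), pads the content-encryption key with PKCS#1 v1.5 block type 2 (random non-zero padding string PS, hence the modulus_size - 11 limit), and stands in for RC2-CBC with a keyed SHA-256 keystream. Encrypting the same message twice yields different wrapped keys and different content ciphertexts, and wrapping the very same key twice still differs, yet both decrypt correctly.

```python
"""Why two S/MIME encryptions of one file differ (added example, not OpenSSL code).

Assumptions: toy RSA key from Mersenne primes M127 and M107 (insecure, demo
only); HMAC-SHA256 keystream XOR as a stand-in for RC2-CBC. The padding
follows PKCS#1 v1.5 (RFC 2313, block type 2): 00 || 02 || PS || 00 || M,
where PS is at least 8 random non-zero bytes, so len(M) <= k - 11.
"""
import hashlib
import hmac
import secrets

# --- toy RSA key: demo primes only, never use this in practice --------------
P = (1 << 127) - 1                       # Mersenne prime M127
Q = (1 << 107) - 1                       # Mersenne prime M107
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus size in bytes (30 here)


def max_plaintext_len(k: int) -> int:
    """Largest M that fits: k bytes minus 00, 02, eight bytes of PS and the 00 separator."""
    return k - 11


def pkcs1_v15_pad(m: bytes, k: int) -> bytes:
    if len(m) > max_plaintext_len(k):
        raise ValueError("message too long: max %d bytes for this modulus" % max_plaintext_len(k))
    ps_len = k - len(m) - 3
    # PS is random and must not contain 0x00, so the unpadder can find the separator.
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + m


def pkcs1_v15_unpad(em: bytes) -> bytes:
    if len(em) < 11 or em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    sep = em.find(b"\x00", 2)
    if sep < 10:                         # no separator, or fewer than 8 bytes of PS
        raise ValueError("bad padding")
    return em[sep + 1:]


def can_wrap(m: bytes, k: int = K) -> bool:
    """True if m fits in one PKCS#1 v1.5 block for a k-byte modulus."""
    try:
        pkcs1_v15_pad(m, k)
        return True
    except ValueError:
        return False


def rsa_encrypt(n: int, e: int, m: bytes) -> bytes:
    k = (n.bit_length() + 7) // 8
    em = pkcs1_v15_pad(m, k)             # fresh random PS every call
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsa_decrypt(n: int, d: int, c: bytes) -> bytes:
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(c, "big"), d, n).to_bytes(k, "big")
    return pkcs1_v15_unpad(em)


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for RC2-CBC: HMAC-SHA256(key, iv || counter) keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def smime_style_encrypt(n: int, e: int, content: bytes) -> dict:
    cek = secrets.token_bytes(16)        # fresh random content-encryption key per message
    iv = secrets.token_bytes(8)
    return {"wrapped_key": rsa_encrypt(n, e, cek),
            "iv": iv,
            "ciphertext": keystream_xor(cek, iv, content)}


def smime_style_decrypt(n: int, d: int, msg: dict) -> bytes:
    cek = rsa_decrypt(n, d, msg["wrapped_key"])
    return keystream_xor(cek, msg["iv"], msg["ciphertext"])


def demo() -> bool:
    content = b"hello, this is the cleartext file"   # constructed sample input
    m1 = smime_style_encrypt(N, E, content)
    m2 = smime_style_encrypt(N, E, content)
    # A different CEK each time: both the wrapped key and the content differ.
    assert m1["wrapped_key"] != m2["wrapped_key"]
    assert m1["ciphertext"] != m2["ciphertext"]
    # Even the SAME key wraps differently, because PS is random.
    rc2_40_key = b"\x01\x02\x03\x04\x05"  # a 40-bit key, the RC2-40 size
    assert rsa_encrypt(N, E, rc2_40_key) != rsa_encrypt(N, E, rc2_40_key)
    assert rsa_decrypt(N, D, rsa_encrypt(N, E, rc2_40_key)) == rc2_40_key
    # Both messages still decrypt to the original content.
    assert smime_style_decrypt(N, D, m1) == content == smime_style_decrypt(N, D, m2)
    return True


if __name__ == "__main__":
    print("ok" if demo() else "failed", "modulus bytes:", K, "max wrapped bytes:", max_plaintext_len(K))
```

The same two effects can be seen in the files Dave produced: `openssl smime -pk7out -in test1` converts the S/MIME message to PEM PKCS#7, and running that through `openssl asn1parse` shows a RecipientInfo encryptedKey and an encryptedContent that both change between test1 and test2. The 2048-bit key from question 2 is only ever used to wrap the short RC2 key; the message itself never goes through RSA, which is why a 5-byte symmetric key and a 256-byte modulus coexist without complaint.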