Hello, I am trying to sign the first 8 bytes of an MD5 digest using a 64-bit RSA key. My understanding is that RSA encryption requires the input data to match the key length, and this condition is satisfied in this use case. Are there other restrictions?
I understand what I am doing is not going to create something that is cryptographically secure, but that is not a requirement for my application. I am using openssl in the following command line sequence. Here I split the command line across multiple lines to make it easier to read:

echo -n "ffffffffffffffffffffffff" | #the input string
openssl dgst -md5 -binary | #make an md5 digest of the input
dd bs=1 count=8 2> /dev/null | #use the first 8 bytes of the md5 digest
openssl rsautl -inkey ./rsa64.key -sign -raw -hexdump #sign with 64-bit RSA key

The problem is this works for some strings and not others. When it doesn't work, the error message "data too large for modulus" doesn't make sense to me because the command sequence is failing on an input string that is actually *smaller* than other input strings that are successfully signed. Here are some examples that sign without error:

#24 characters input, works ok
$ echo -n "ffffffffffffffffffffffff" | openssl dgst -md5 -binary | dd bs=1 count=8 2> /dev/null | openssl rsautl -inkey ./dropdv2.key -sign -raw -hexdump
0000 - 34 9d 43 ba 88 15 5b 21- 4.C...[!
$

#3 characters input, works ok
$ echo -n "fff" | openssl dgst -md5 -binary | dd bs=1 count=8 2> /dev/null | openssl rsautl -inkey ./dropdv2.key -sign -raw -hexdump
0000 - 28 4b 8c 5f 9e ef fe 3a- (K._...:
$

#2 characters input, works ok
$ echo -n "ff" | openssl dgst -md5 -binary | dd bs=1 count=8 2> /dev/null | openssl rsautl -inkey ./dropdv2.key -sign -raw -hexdump
0000 - b2 2e a6 c1 f1 33 94 27- .....3.'
$

#11 characters input, FAILS!
$ echo -n "thisfsdafsd" | openssl dgst -md5 -binary | dd bs=1 count=8 2> /dev/null | openssl rsautl -inkey ./dropdv2.key -sign
[EMAIL PROTECTED]:~/dropdv2$ echo -n "thisfsdafsd" | openssl dgst -md5 -binary | dd bs=1 count=8 2> /dev/null | openssl rsautl -inkey ./dropdv2.key -sign -raw -hexdump
RSA operation error
5776:error:04066084:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:data too large for modulus:rsa_eay.c:290:
$

Can anybody tell me what is going on? Is there a minimum or maximum length of string I need to use to get the above sequence to work? If so, what are the limits?

Your help is greatly appreciated.

Thanks,
-Jesse
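Added example, not part of the original post: an unpadded (-raw) RSA private-key operation treats the 8-byte block as a big-endian integer and requires it to be numerically smaller than the modulus, so success depends on the value of the truncated digest, not on the length of the input string. The key below is a constructed 64-bit toy modulus (P, Q, N, E, D and the helper names are assumptions, not the poster's key), so which strings are rejected will differ from the post.

```python
import hashlib

# Constructed toy key: a 64-bit modulus built from two known primes.
# It is NOT the poster's rsa64.key / dropdv2.key, so outcomes differ per string.
P = 2**32 - 5                       # 4294967291, prime
Q = 2**31 + 11                      # 2147483659, prime
N = P * Q                           # 0x800000087fffffc9, 64 bits
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


def md5_prefix(text: str, nbytes: int = 8) -> bytes:
    """First nbytes of the MD5 digest, like `openssl dgst -md5 -binary | dd bs=1 count=8`."""
    return hashlib.md5(text.encode()).digest()[:nbytes]


def raw_sign(block: bytes) -> bytes:
    """Textbook (no padding) RSA private-key operation on one block."""
    size = (N.bit_length() + 7) // 8
    if len(block) != size:
        raise ValueError("block length must equal modulus length")
    m = int.from_bytes(block, "big")
    if m >= N:                      # the range check behind the error in the post
        raise ValueError("data too large for modulus")
    return pow(m, D, N).to_bytes(size, "big")


def raw_verify(block: bytes, sig: bytes) -> bool:
    """Public-key operation: recover the block from the signature and compare."""
    return pow(int.from_bytes(sig, "big"), E, N) == int.from_bytes(block, "big")


def try_sign(text: str):
    """Return the signature bytes, or None if the block is numerically >= N."""
    try:
        return raw_sign(md5_prefix(text))
    except ValueError:
        return None


if __name__ == "__main__":
    # Strings taken from the post; results apply to the constructed key only.
    for s in ["ffffffffffffffffffffffff", "fff", "ff", "thisfsdafsd"]:
        sig = try_sign(s)
        print(f"{s!r:28} block={md5_prefix(s).hex()} ->",
              sig.hex() if sig else "data too large for modulus")
```

With a modulus whose leading byte is 0x80, roughly half of all 8-byte blocks are rejected; padding schemes avoid this by forcing the leading byte of the block to zero.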