On Fri, Dec 09, 2005 at 08:54:01AM -0600, Chevalier, Victor T. wrote:

> > 3500:error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater
> > than modlen:rsa_eay.c:308
> > And if there is a way to make the public key size larger? Or what!
>

The "modlen" is not the public key size, it is the *modulus* (p*q) that is shared by both the public and private key. You cannot reversibly encrypt input that is larger than the modulus. RSA is not used for bulk data encryption, it is used to encrypt session keys (often 128 or 256 bits).

If OpenSSL supports RSA_EAY_PRIVATE_DECRYPT (note the word "private" here), with a public key object for key material, that would be surprising.

If you really must try this, note that for RSA there are no "decrypt" operations, rather there are two keys that both only encrypt, and encrypting with one key is the inverse of encrypting with the other.

So to "decrypt" with the public key, you really just "encrypt" with the public key. Decryption with the private key is really the same as signing (both just encrypt with the private key). Actual secure use requires various preparatory steps that defeat chosen-<mumble>text attacks.

If you want to verify that the operations are both left and right inverses of each other, pick a short input X and check:

    Encrypt(pubkey, Decrypt(privkey, X)) == X
    Decrypt(privkey, Encrypt(pubkey, X)) == X

The "Decrypt" is just a context-appropriate name for Encrypt, it is decryption (or signing) when using the private key and encryption (or verification) when using the public key.

-- 
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
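
The inverse check from the message above, as an added example that is not part of the original post and does not use OpenSSL: textbook RSA with no padding on plain integers. The primes, exponent, function names and sample inputs are constructed for illustration, and the 92-bit modulus is deliberately tiny so that a 128-bit input visibly fails to fit.

```python
# Textbook RSA with no padding, on integers. Key values are constructed for
# this illustration and far too small for real use.
P = 2**31 - 1                      # Mersenne prime
Q = 2**61 - 1                      # Mersenne prime
N = P * Q                          # modulus, shared by both keys (92 bits)
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def rsa_apply(x: int, exponent: int) -> int:
    """The single RSA primitive: x**exponent mod N, defined for 0 <= x < N."""
    if not 0 <= x < N:
        raise ValueError("input is not smaller than the modulus")
    return pow(x, exponent, N)


def encrypt(x: int) -> int:        # public-key operation (also: verify)
    return rsa_apply(x, E)


def decrypt(x: int) -> int:        # private-key operation (also: sign)
    return rsa_apply(x, D)


def inverses_hold(x: int) -> bool:
    """Encrypt(pubkey, Decrypt(privkey, X)) == X, and the other order too."""
    return encrypt(decrypt(x)) == x and decrypt(encrypt(x)) == x


def wraps_around(x: int) -> bool:
    """Without the range check, x and x + N give the same output, so an
    input larger than the modulus cannot be recovered."""
    return pow(x + N, E, N) == pow(x, E, N)


SHORT_X = int.from_bytes(b"short X", "big")               # 56 bits, fits
SESSION_KEY = int.from_bytes(b"0123456789abcdef", "big")  # 128 bits, too big

if __name__ == "__main__":
    print("modulus bits:", N.bit_length())
    print("inverses hold for short X:", inverses_hold(SHORT_X))
    print("x and x + N collide:", wraps_around(SHORT_X))
    try:
        encrypt(SESSION_KEY)
    except ValueError as err:
        print("128-bit input rejected:", err)
```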