:-) Well, the 'funny' bit in your original message is that it's not about 'padding' (what the others talk about) as 'padding' always ends up FOLLOWING (after) your content/data, while you specifically mention you have to _precede_ your data with 16 bytes of... what?
Which makes it kinda weird, because the only byte sequence I know that can precede your content/data, is the so-called IV (Init Vector), but then you can't just plunk it in there and do nothing with it -- which is what I read from your messages (twice): you apparently have to PREpend your content with 16 bytes. Any specific 16 bytes or just random gunk? And then the wicked bit is that your parent company's web service actually tolerates that _and_ from your message I understand they only accept your *actual* data only then. The OAEP stuff is all valid and valuable, but that's when you *design* these kind of exchanges, not when you're faced with a 'fait accomplit' like you seem to be in: I take it you don't have access to the parent corp. developers nor the clout to change _their_ side of things. For a real answer, we're a bit short on detail here (like: (1) What do you drop into those preceding 16 bytes? (2) How long is your message content itself? (3) What's the code look like?) but my guess right now is this is something IV-ish done by your parent corp. when they concocted this one. (Simplified explanation of IV: IV's are used to help make the crypted data look like a 'real mess' as an IV is just a series of random data at the start of a message, which prevent cryptanalysts from having an easier job at guessing your content -- compare this to email, where you always start with 'Hi <name>,', then if you're a cryptanalyst, you can assume the first few crypted bytes are 'Hi ...' and that's makes your life way easier when you have to break the encryption. Now starting each message with some random gunk instead (= IV), before you send some actual data, causes such kind of assumptions to go striaght down the toilet and life more hard for the code breaker.) We lost you, but back again a bit now? Ger On Thu, Sep 18, 2008 at 10:56 AM, Peter Walker <[EMAIL PROTECTED]> wrote: > Sorry if this sounds ultra noobish but you guys lost me, even though you > probably did answer my question ;) > > The purpose of my application is to send a credit card number in > encrypted format. > > So the parent companies webservice issues me a X509 certificate which > contains their public RSA key. > > I extract the RSA public key from the X509 certificate and use that to > encrypt the credit card number using RSA_public_encrypt with > RSA_PKCS1_PADDING. > > I thought that would be the end of it but it turns out that I needed to > add 16 bytes to the beginning of the raw data before encryption. Then it > all works. > > So as a noob, I just wanted to know if that is the correct requirement > of RSA or a requirement of my parent companies web service only? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Michael Sierchio > Sent: 17 September 2008 22:48 > To: openssl-users@openssl.org > Subject: Re: Do you have to pre-pend 16 bytes to a raw value before RSA > encryption > > Kenneth Goldman wrote: > >> What padding are you specifying? I suspect that you are specifying >> no padding, in which case the size of the input must be the same >> as the size of the key. > > No. The input is the same size as the *modulus*. > > When used in encryption the recommended approach for RSA is to pad > every block, and not to encrypt MODULUS-SIZE bytes of plaintext. There > are very good reasons for this which will not be obvious to all readers > of this thread, but you would want to use OAEP (Optimal Asymmetric > Encryption > Padding) if you are doing something other than signing (e.g. using RSA > for > to encrypt a session key). > > If the OP means what he says, which is *signing* a public key (the > purpose > of which is entirely unclear to me), then the plaintext will be the hash > of > the pubkey, right? In which case the padding will have to be sufficient > to fill the remaining RSA block size, whatever that is. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > > -- Met vriendelijke groeten / Best regards, Ger Hobbelt -------------------------------------------------- web: http://www.hobbelt.com/ http://www.hebbut.net/ mail: [EMAIL PROTECTED] mobile: +31-6-11 120 978 -------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
