Hannes Schuller wrote:
> > I'm very puzzled here. Why do you sign the reply and then sign a hash
> > of the signature? You say "Message encryption successful", but that's
> > a signature you're doing, not an encryption.
>
> I was under the impression that RSA_private_encrypt and
> RSA_public_encrypt do nothing but encrypt the given payload. The
> (non-quoted) code before this ensures the reply is shorter than the
> regular message digest length.

RSA is a low-level algorithm. It provides primitives called "encryption" and "decryption". But whether they actually encrypt (in the sense of concealing contents so that only a desired party can access them) depends on the system as a whole.

So yes, RSA_private_encrypt performs the RSA primitive operation known as "encryption". But it doesn't actually encrypt anything in the sense of concealing contents so that only a desired party can access them. (Because anyone with the public key can reverse the operation.)

> What would be the preferred way for encryption?

See the various EVP_Encrypt functions that provide encryption in the conventional sense rather than the RSA_* functions that provide RSA primitive operations that may or may not meet security objectives.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
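
The point made in the reply above, as an added example that is not code from the thread or from OpenSSL: textbook RSA with a constructed toy key (n = 3233, e = 17, d = 2753, no padding) shows that the output of the private-key operation is recovered by anyone holding only the public key, while the public-key operation needs the private key to reverse. The type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key: far too small for real use and unpadded. */
typedef struct { uint64_t n, e; } rsa_pub;   /* known to everyone       */
typedef struct { uint64_t n, d; } rsa_priv;  /* known only to the owner */

static const rsa_pub  PUB  = { 3233, 17 };   /* n = 61 * 53             */
static const rsa_priv PRIV = { 3233, 2753 }; /* d = e^-1 mod 3120       */

/* Square-and-multiply: base^exp mod mod. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1)
            r = (r * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return r;
}

/* Primitive behind RSA_private_encrypt, minus padding: m^d mod n. */
uint64_t private_op(rsa_priv k, uint64_t m) { return modpow(m, k.d, k.n); }

/* Primitive behind RSA_public_encrypt, minus padding: x^e mod n. */
uint64_t public_op(rsa_pub k, uint64_t x) { return modpow(x, k.e, k.n); }

int main(void)
{
    uint64_t reply = 65;                      /* constructed sample value */

    /* "Encrypting" with the private key: any holder of PUB reads it back. */
    uint64_t wire = private_op(PRIV, reply);
    printf("private op: %llu, recovered with public key only: %llu\n",
           (unsigned long long)wire,
           (unsigned long long)public_op(PUB, wire));

    /* Public-key direction: only the private key recovers the value. */
    uint64_t ct = public_op(PUB, reply);
    printf("public op:  %llu, recovered with private key: %llu\n",
           (unsigned long long)ct,
           (unsigned long long)private_op(PRIV, ct));
    return 0;
}
```

The first direction gives authenticity at best (it is the core of a signature), not confidentiality.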