> From: owner-openssl-us...@openssl.org On Behalf Of Oleksiy Lukin > Sent: Tuesday, 05 June, 2012 03:59
> I have problem with EVP_PKEY_decrypt() function and 4K RSA > private key > decrypting data encrypted with EVP_PKEY_encrypt() and corresponding > public key. Keys generated using openssl CA shell script. > Are you counting bits (as is conventional) or bytes/octets? > EVP_PKEY_decrypt() just returns -2 saying that this key is not > supported. BUT! RSA_private_decrypt() works just fine with > this key and > successfully decrypts data encrypted by EVP_PKEY_encrypt()! Sign and > verify operations works fine with EVP_PKEY_sign() and > EVP_PKEY_verify() > with the same keys. > > I use openssl 1.0.1c. > > The questions are: > > 1. Is there some meaningful limitation coded into EVP_PKEY_decrypt() > that does not allow decrypt operation? Not that I see, and 1c works for me with a 4kbit RSA key. There is a limit in the *RSA* module to 16kbit in all cases, and a smaller limit on publickey operations *not* using a small exponent. Both these limits apply whether used through EVP or directly, and RSA keys generated by OpenSSL (always?) have small exponents. > 2. If no such limitations, how I can make it work with 4K RSA keys? > No idea. Try to produce a minimal test program that fails and post it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
