> From: owner-openssl-us...@openssl.org On Behalf Of Tovey, Dwight (LaserJet R&D FW Eng.) > Sent: Friday, 25 January, 2013 17:50
> On Jan 24, 2013, at 8:13 PM, Dave Thompson <dthomp...@prinpay.com> > wrote: > > > If you want to do it actually in Python: > > - get m and e from the public key (DER isn't hard to parse, > > you were already shown an example elsethread, and if Python > > doesn't have a direct way to convert bytestring to bignum > > which I'd expect it probably does you can just do some > > equivalent of x = 0; for i in 0..n-1 x = x*256+b[i] > > - do whichever padding you used with RSA_public_encrypt > > (this is probably the hardest part, especially if it's OAEP) > > - take the padded data as a bignum (ditto) and do pow(data,e,m) > > - take the result as a bytestring (perhaps implicitly) > > I dug up the X,690 document that describes the DER format, > and that is basically the approach that I've been working on. > I now have a very basic DER parser that will handle the > Sequence and Integer types that are in the public keys that > I'm dealing with. This gives me a Python long integer of 168 > bits for e and another 24-bit integer for m. I should be > able to pass these to the M2Crypto.RSA.new_pub_key() function > once I can get them encoded correctly (they need to be in the > OpenSSL MPINT format). > That can't be right. The key you posted upthread had 1024-bit m represented in 129 octets (because ASN.1 INTEGER is signed) which you might therefore treat as 1025 bits or 1032 bits, and 17-bit e represented in 3 octets which you might treat as 24 bits. Like that key practically all RSA keys you see will have e = 65537 (in hex 01 00 01, either endian!) because that is the fourth Fermat prime, nicknamed F4, thus invertible for any usable group order. You may find a few typically older ones with e = 3. Although other (and larger) public-exponent values are possible, they are more costly to use and provide no benefit, so people (sensibly) don't. RSA moduli can in principle be any size that provides sufficient security, but in practice people mostly use 1024, 2048, and 3072 because they are convenient and/or standardized. > Once I get that working I should then be able to use the > other M2Crypto routines to encrypt my data and my test system > should be good to go. But it's been a long week even with > the holiday, so I'm going to leave that until Monday. Thanks > for all the pointers. > Have a good Monday, then. :-) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
