>From: owner-openssl-us...@openssl.org On Behalf Of Matt McPhee
>Sent: Wednesday, 21 August, 2013 07:17
>I am new to OpenSSL and have a private RSA key and am trying to
>read an encrypted message that looks to be in base64 format but
>I'm not too sure. When I do [rsautl] I get [PKCS1 padding error]

base64 isn't *a* format, it's an encoding that can be and is used for many, many formats. But rsautl takes raw binary, not any kind of base64 or even a DER structure (which the standard message formats like CMS are), and since it didn't give you a length error your file either isn't base64 or has been truncated somewhere. How long is your file, does it consist entirely of the base64 character set (A-Za-z0-9+/ possibly = and optionally whitespace), and what is the size of your key (or more exactly the modulus n)?

If your message is in fact binary and the right size for your key, possibly it was encrypted using different padding than you are trying to decrypt. rsautl uses -pkcs (PKCS1 type2) by default (the original standard, still fairly widely used), and also supports -raw (no padding, never recommended but still used by people who don't know better) and -oaep (the newer, better standard, see Wikipedia or RFC3447, but only using SHA-1 as first standardized; some people now use OAEP with SHA-2 hashes and OpenSSL doesn't handle that yet).

If the person encrypting/sending the message is less unknowledgeable, ask them to confirm if it is pure RSA (not hybrid like CMS), not in a structure (like ?), and what padding is used.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
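The three checks the reply asks for (file length, base64 character set, modulus size) can be run together before trying rsautl again. This is an added example, not part of the original message; `diagnose` and its verdict strings are hypothetical names, the sample inputs are constructed, and the modulus size in bits is assumed to be supplied by the caller.

```python
import base64
import binascii
import re

# The alphabet the reply lists: A-Za-z0-9+/ plus '=' and optional whitespace.
B64_ONLY = re.compile(rb"[A-Za-z0-9+/=\s]+")


def diagnose(data: bytes, modulus_bits: int) -> str:
    """Classify a candidate RSA ciphertext for a key with the given modulus size."""
    k = (modulus_bits + 7) // 8  # one raw RSA block is exactly k bytes
    if data and B64_ONLY.fullmatch(data):
        try:
            decoded = base64.b64decode(b"".join(data.split()), validate=True)
        except binascii.Error:
            # Right alphabet but not decodable: truncated or otherwise damaged.
            return "base64-damaged"
        if len(decoded) == k:
            # Decode to binary first, then hand the result to rsautl.
            return "base64-of-raw-block"
        # Decodes cleanly but is not one block: truncated, or a structure
        # or hybrid message rather than pure RSA.
        return "base64-other-length"
    if len(data) == k:
        # Binary and the right size: a padding error now points at the
        # padding mode (-pkcs, -oaep or -raw) rather than the encoding.
        return "raw-block"
    return "binary-wrong-length"


if __name__ == "__main__":
    # Constructed stand-in for a 2048-bit ciphertext block (not real ciphertext).
    block = bytes(range(256))
    samples = {
        "binary block": block,
        "base64 of block": base64.encodebytes(block),
        "truncated base64": base64.encodebytes(block)[:100],
        "short binary": block[:200],
    }
    for name, sample in samples.items():
        print(f"{name}: {len(sample)} bytes -> {diagnose(sample, 2048)}")
```
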