On 10/19/07, David E. Ross <[EMAIL PROTECTED]> wrote:
> On 10/19/2007 5:35 AM, [EMAIL PROTECTED] wrote:
> > I am currently trying to convert from OpenSSL to NSS (seemed like a good
> > idea at the time). The code that I currently have an issue with is
> > essentially ...
> >
> > key=RSA_new();
> > if (key) {
> >     key->n=BN_bin2bn(IssPubKey,IssPubKeyLgth,NULL);
> >     key->e=BN_bin2bn(PubKeyExponent->value,PubKeyExponent->lgth,NULL);
> >     decrypt_lgth=RSA_public_decrypt(lgth, value, (unsigned char *)recovered, key, RSA_NO_PADDING);
> > }
> > RSA_free(key);
> >
> >
> > but the key is a public key.
>
> Here, X.509 keys are used very much like OpenPGP keys. Public keys
> encrypt; private keys decrypt. See my
> <http://www.rossde.com/PGP/pgp_encrypt.html#basic>.

The RSA_public_decrypt man page indicates that this is a low-level signature function. You use a public key to decrypt an RSA signature so that you can verify the recovered hash.

The NSS function PK11_PubEncryptRaw performs the same mathematical operation as RSA_public_decrypt(..., RSA_NO_PADDING), even though PK11_PubEncryptRaw is originally intended for RSA encryption.

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
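
The operation discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL or NSS code: a raw public-key operation is just `block^e mod n`, so "public decrypt" of a signature and "raw public encrypt" are the same computation, and the caller must check the recovered block itself. The toy key, the function names, and the choice of SHA-256 with PKCS#1 v1.5 encoding are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key built from two Mersenne primes (NOT secure); it stands in
# for the modulus/exponent pair (IssPubKey, PubKeyExponent) in the thread.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5 signatures).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def raw_public_op(block: bytes) -> bytes:
    """block^e mod n with no padding handling: the math shared by a raw
    'public decrypt' and a raw 'public encrypt'."""
    x = int.from_bytes(block, "big")
    if len(block) != K or x >= N:
        raise ValueError("input must be modulus-length and less than n")
    return pow(x, E, N).to_bytes(K, "big")

def encode_block(msg: bytes) -> bytes:
    """Build the full expected block: 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg: bytes) -> bytes:
    """Private-key side, included only so the example has a signature to check."""
    m = int.from_bytes(encode_block(msg), "big")
    return pow(m, D, N).to_bytes(K, "big")

def verify(msg: bytes, sig: bytes) -> bool:
    """Recover the block with the raw public operation, then compare the WHOLE
    block against a freshly encoded one. Comparing everything, instead of
    parsing the padding and trusting what follows, rejects malformed padding
    and trailing data that a lax parser would accept."""
    try:
        recovered = raw_public_op(sig)
    except ValueError:
        return False
    return hmac.compare_digest(recovered, encode_block(msg))
```

With no padding mode selected, the library returns the recovered block untouched, so the comparison in `verify` is the part the calling code has to supply.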