Mailing List Archive: gcry_pk_decrypt and leading zeros in the decrypted output

Hello

gcry_pk_decrypt creates an s-exp of the decryption result. If passed
something like "(enc-val(flags)(rsa (a%m)))" it returns "(value
plaintext)". Now if the data is encoded as EME-PKCS1-v1_5 it has
a leading zero byte. Libgcrypt seems to want to delete that
when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

It seems very unsafe to assume that there was a leading zero
byte that got deleted by libgcrypt as many programs using
libgcrypt seem to do.

What is the correct way to get the value from the decryption result
sexp while preserving any possible leading zero bytes?

- Einar Karttunen

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

On Tue, 12 Sep 2006 16:44, Einar Karttunen said:

> a leading zero byte. Libgcrypt seems to want to delete that
> when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

Internally these are all MPIs. Thus it makes no difference what
function you use to retrieve it.

> It seems very unsafe to assume that there was a leading zero
> byte that got deleted by libgcrypt as many programs using

Why do you think it is unsafe? Leading zeroes of numbers are
meanigless in computations. When computing m = c^d mod n there won't
be a leading zero. We need to invent it. The reason pkcs#1 requires
the leading zero is to state that this is a non-negative number and
less than n.

> What is the correct way to get the value from the decryption result
> sexp while preserving any possible leading zero bytes?

You don't need the leading zero. Take a normalized MPI and check that
it is not negative (the latter is always true for our rsa
implementation).

Salam-Shalom,

Werner

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel