Mailing List Archive: pk_encrypt/decrypt limited to <1024bit blocks

Hi,

I just detected that the example tests/pubkey.c of libgcrypt 1.4.1
seems to have problems with encrypting/decrypting of data blocks with
a size over 1016 bits. In the example a random number with 800 bits
is created. This works fine. If I change the value e. g. to 1024
encryption or decryption does not work anymore. Is this a bug or a
limitation?

I detected this problem when I encrypted/decrypted data blocks with
2048 bit (and a 1024bit key-pair). Sometimes it seems to work, but
sometimes it fail with the problem that the decrypted data is
completely wrong.

Torsten

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

On Mon, 1 Sep 2008 09:50, torsten.rupp@gmx.net said:

> is created. This works fine. If I change the value e. g. to 1024
> encryption or decryption does not work anymore. Is this a bug or a
> limitation?

That depends on your key size: You can't encrypt a 1024 bit value with a
1024 bit modulus if that value is karge than the modulus. Libgcrypt
does not enforce this because it expects that pkcs#1 encoding is done by
the caller or by passing the pkcs#1 flag. Without proper padding your
encryption is weak.

> I detected this problem when I encrypted/decrypted data blocks with
> 2048 bit (and a 1024bit key-pair). Sometimes it seems to work, but

You mean you try to encrypt a 2048 bit value with a 1024 bit key - that
is obviously not possible.

Salam-Shalom,

Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel