OpenSSL "rsautl -pkcs" - PKCS#1 v1.5 Padding Option
How to use RSA PKCS#1 v1.5 padding with OpenSSL "rsautl" command? I was told to encrypt a password using an RSA public key with PKCS#1 padding.
✍: FYIcenter.com
OpenSSL "rsautl" uses PKCS#1 v1.5 padding as the default padding scheme.
But you can explicitly specify PKCS#1 v1.5 padding by using the "-pkcs" option
as shown below:
C:\Users\fyicenter>type test.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> rsautl -encrypt -pubin -inkey my_rsa_pub.key -in test.txt -out cipher.txt -pkcs
OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -out decipher.txt -pkcs
OpenSSL> exit

C:\Users\fyicenter>type decipher.txt
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Note that the "-pkcs" padding option in the "rsautl -decrypt" command performs the padding removal step after the decryption process to restore the original clear text.
If you want to see the PKCS#1 padding string, you can use the "rsautl -decrypt -raw -hexdump" command to keep the padding string and dump it in hex digits:
C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> rsautl -decrypt -inkey my_rsa.key -in cipher.txt -raw -hexdump
0000 - 00 02 85 0c bb b2 df 18-6b 97 6d 67 f3 77 6f 67 ........k.mg.wog
0010 - 82 8e 85 3c cc 8d a6 2e-94 81 e4 38 3a ca 1a 99 ...<.......8:...
0020 - 77 36 aa c8 6c 23 d2 7b-64 2f fa 05 07 0b c3 09 w6..l#.{d/......
0030 - b9 59 82 64 30 a2 9b 86-59 6c 8c 3e 60 a1 5b 61 .Y.d0...Yl.>`.[a
0040 - 15 46 cd 0a af 68 3b 29-69 12 d4 00 61 62 63 64 .F...h;)i...abcd
0050 - 65 66 67 68 69 6a 6b 6c-6d 6e 6f 70 71 72 73 74 efghijklmnopqrst
0060 - 75 76 77 78 79 7a 41 42-43 44 45 46 47 48 49 4a uvwxyzABCDEFGHIJ
0070 - 4b 4c 4d 4e 4f 50 51 52-53 54 55 56 57 58 59 5a KLMNOPQRSTUVWXYZ
Options used in this "rsautl" command are:
The byte string from the first 0x00 byte to the second 0x00 byte in the output represents the entire PKCS#1 padding:
00 02 85 0c bb b2 df 18 6b 97 6d 67 f3 77 6f 67 82 8e 85 3c cc 8d a6 2e 94 81 e4 38 3a ca 1a 99 77 36 aa c8 6c 23 d2 7b 64 2f fa 05 07 0b c3 09 b9 59 82 64 30 a2 9b 86 59 6c 8c 3e 60 a1 5b 61 15 46 cd 0a af 68 3b 29 69 12 d4 00
The randomly generated non-0x00 padding string is located between the first 2 bytes, 0x00 0x02, and the next 0x00 byte:
85 0c bb b2 df 18 6b 97 6d 67 f3 77 6f 67 82 8e 85 3c cc 8d a6 2e 94 81 e4 38 3a ca 1a 99 77 36 aa c8 6c 23 d2 7b 64 2f fa 05 07 0b c3 09 b9 59 82 64 30 a2 9b 86 59 6c 8c 3e 60 a1 5b 61 15 46 cd 0a af 68 3b 29 69 12 d4
The second byte 0x02 is the BT (Block Type) value. 0x02 indicates an RSA public key encryption block.
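The block layout described above (0x00, BT 0x02, non-zero padding string, 0x00, data) can be checked mechanically. The following Python code is an added example, not part of the original tutorial: it parses the hexdump shown on this page and splits it into padding string and clear text. The function names are hypothetical, and the 8-byte minimum padding length comes from the PKCS#1 specification rather than from this page.

```python
import re

# Hexdump copied from the "rsautl -decrypt -raw -hexdump" output on this page.
DUMP = """\
0000 - 00 02 85 0c bb b2 df 18-6b 97 6d 67 f3 77 6f 67 ........k.mg.wog
0010 - 82 8e 85 3c cc 8d a6 2e-94 81 e4 38 3a ca 1a 99 ...<.......8:...
0020 - 77 36 aa c8 6c 23 d2 7b-64 2f fa 05 07 0b c3 09 w6..l#.{d/......
0030 - b9 59 82 64 30 a2 9b 86-59 6c 8c 3e 60 a1 5b 61 .Y.d0...Yl.>`.[a
0040 - 15 46 cd 0a af 68 3b 29-69 12 d4 00 61 62 63 64 .F...h;)i...abcd
0050 - 65 66 67 68 69 6a 6b 6c-6d 6e 6f 70 71 72 73 74 efghijklmnopqrst
0060 - 75 76 77 78 79 7a 41 42-43 44 45 46 47 48 49 4a uvwxyzABCDEFGHIJ
0070 - 4b 4c 4d 4e 4f 50 51 52-53 54 55 56 57 58 59 5a KLMNOPQRSTUVWXYZ
"""

# Offset, " - ", then up to 16 hex byte pairs separated by a space or "-".
HEX_LINE = re.compile(r"\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]?){1,16})")


def dump_to_bytes(dump):
    """Convert OpenSSL hexdump lines to bytes, skipping offset and ASCII columns."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace("-", " "))
    return bytes(out)


def parse_encryption_block(em, min_ps=8):
    """Split 00 || 02 || PS || 00 || M and return (PS, M).

    min_ps=8 is the minimum padding length required by PKCS#1 v1.5
    (an assumption of this example, not stated on the page).
    """
    if len(em) < 3 + min_ps or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("not a block type 0x02 encryption block")
    sep = em.find(b"\x00", 2)  # first 0x00 after the BT byte ends PS
    if sep < 0:
        raise ValueError("no 0x00 separator after the padding string")
    if sep - 2 < min_ps:
        raise ValueError("padding string shorter than %d bytes" % min_ps)
    return em[2:sep], em[sep + 1:]


if __name__ == "__main__":
    ps, msg = parse_encryption_block(dump_to_bytes(DUMP))
    print("padding bytes:", len(ps), "clear text:", msg.decode("ascii"))
```

The distinct error messages are for inspecting dumps by hand; a service that decrypts on behalf of remote senders should not reveal to them which padding check failed.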
2017-05-12