Re: question about rsa encryption
Kuehn, Ulrich
Ulrich.Kuehn at Dresdner-Bank.com
Tue Feb 4 05:39:09 EST 2003
> From: Scott G. Kelly [mailto:scott at bstormnetworks.com]
>
> Does anyone know of any issue with using RSA encryption to encrypt
> a symmetric key under the target's public key if the encrypted
> value is public (e.g. sent over a network)?
>
You have to be very careful in designing and implementing your _de_cryption
routines. There have been some attacks when the decryption is not done
correctly.
References are:
- Daniel Bleichenbacher, Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. CRYPTO 1998: 1-12.
- James Manger, A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. CRYPTO 2001: 230-238.
These attacks are against PKCS#1 padding, and for the method you describe
(direct encryption of a symmetric key with zero padding) I had a paper at
this year's PKC conference describing some attacks.
I hope this helps,
Ulrich Kuehn
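
One way to structure the careful decryption the reply calls for, as an added example that is not part of the original message: a PKCS#1 v1.5 key unwrap that returns a pseudorandom key instead of an error when the padding is malformed, so the receiver's behaviour gives no padding-valid/invalid signal. The toy Mersenne-prime key and the names `wrap_key`, `unwrap_key` and `REJECT_SECRET` are assumptions for illustration; Python gives no constant-time guarantees, so this shows the control flow only.

```python
import hashlib
import hmac
import secrets

# Constructed toy key for illustration only: Mersenne primes, NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8             # modulus length in bytes
REJECT_SECRET = secrets.token_bytes(32)   # hypothetical per-process secret

def wrap_key(sym_key: bytes) -> bytes:
    """Sender side: PKCS#1 v1.5 type-2 padding, then RSA encryption."""
    ps_len = K - 3 - len(sym_key)
    assert ps_len >= 8, "padding string must be at least 8 bytes"
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # nonzero bytes
    em = b"\x00\x02" + ps + b"\x00" + sym_key
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def unwrap_key(ct: bytes, key_len: int = 16) -> bytes:
    """Receiver side: always returns key_len (<= 32) bytes, never an error."""
    # The fallback is derived from the ciphertext, so repeating a query
    # yields the same answer and cannot be told apart from a real key.
    fallback = hmac.new(REJECT_SECRET, ct, hashlib.sha256).digest()[:key_len]
    c = int.from_bytes(ct, "big")
    if len(ct) != K or c >= N:            # depends on public values only
        return fallback
    em = pow(c, D, N).to_bytes(K, "big")
    # Evaluate every padding condition with no early exit, then combine.
    bad = em[0] | (em[1] ^ 0x02) | em[K - key_len - 1]
    for b in em[2:K - key_len - 1]:       # padding string must be nonzero
        bad |= (b == 0)
    candidate = em[K - key_len:]
    return candidate if bad == 0 else fallback
```

The caller uses whatever key comes back; a wrong key then fails at the later integrity check on the symmetric layer, the same way for every malformed ciphertext.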
---------------------------------------------------------------------
The Cryptography Mailing List