Thread: RSA key generate then encrypt/decrypt error

Hi group,
I am having trouble with a test RSA c program. The program is using SSL to

1. Generate an RSA
2. Encrypt a test string
3. Decrypt the output of step 2
4. Compare the source and the output of decode.

The code:

Code:

#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <termios.h>

#include <termio.h>

void Dump( char *, int );

int main() {  // main()

  char Key[] = "1234567890";
  unsigned  char Out[1024];
  unsigned  char In[ 1024];
  int   RC, L;

  RSA *My_RSA = RSA_new();

  BIGNUM       *bne = NULL;
  bne = BN_new();
  unsigned long   e = RSA_F4;

  RC = BN_set_word(bne,e);

  RC = RSA_generate_key_ex( My_RSA, 2048, bne, NULL );

  if( RSA_check_key( My_RSA) != 1 )  {
     printf( "RSA Make Key Failed\n" );
     return 1;  }
  else printf( "RSA check key good\n" );
  
  L = strlen( Key );
  printf ( "Key: %s\n", Key );
  Dump( Key, L );

  RC = RSA_public_encrypt( L, Key, In, My_RSA, RSA_PKCS1_PADDING );
  printf( "Encrypted: %d\n", RC );
  Dump( In, RC );

  RC = RSA_public_decrypt( L, In, Out, My_RSA, RSA_PKCS1_PADDING );
  printf( "Decrypted: %d\n", RC );  
  Dump( Out, RC );

  if( strcmp( (char *)Key, (char *)Out ) )  {
     printf( "RSA test failed\n" );  }

  return 1;  }

The output of the program:

Code:

Starting program: /src/RHID/src/rhid/my_rsa 
RSA check key good
Key: 1234567890

0000 0000  31323334 35363738 3930               /* 1234567890       */
End of block -  10 bytes ---------------------  /* ---------------- */
Encrypted: 256

0000 0000  B7C0A681 100980C2 455DE426 8CFEC616  /* ........E].&.... */
0016 0010  5332E746 E1D6B145 8807527F 0637FF75  /* S2.F...E..R..7.u */
0032 0020  166FD204 607E5736 6FB36C6A D4989159  /* .o..`~W6o.lj...Y */
0048 0030  A1791E0D DE21B780 FF7E7483 1208D16C  /* .y...!...~t....l */
0064 0040  B39AC2CA 2B1A1943 A2A6451E 88EA3B25  /* ....+..C..E...;% */
0080 0050  2046BE47 67117F16 20D8FEB9 2E01E72F  /*  F.Gg... ....../ */
0096 0060  CDCAF35C D082EF4B 75B5E4DF 75B00CA1  /* ...\...Ku...u... */
0112 0070  0AE65593 DA1F6003 F1534C87 E3AC894A  /* ..U...`..SL....J */
0128 0080  B2995F81 BFD46FA8 F8B14470 25757614  /* .._...o...Dp%uv. */
0144 0090  6A709289 02701412 7C0CD65C 3C03CA48  /* jp...p..|..\<..H */
0160 00a0  16BD8728 0F24212D 1FAE5E14 855D8D14  /* ...(.$!-..^..].. */
0176 00b0  ABCA486B AE31F0F8 F85F81CF 2B2CFE78  /* ..Hk.1..._..+,.x */
0192 00c0  FDFECE97 106EAAF1 5C07A2F8 2B81BDD7  /* .....n..\...+... */
0208 00d0  DCB6B30F 1AB4BEB9 0FF9E66A 8FFE4566  /* ...........j..Ef */
0224 00e0  8AB1A0B4 CB915421 F24A85C7 68CBF7EB  /* ......T!.J..h... */
0240 00f0  060C08D1 7E08E3B0 EDE5E27D 4A1AEC78  /* ....~......}J..x */
End of block - 256 bytes ---------------------  /* ---------------- */
Decrypted: -1

End of block -   0 bytes ---------------------  /* ---------------- */
RSA test failed

While it compiles and runs, it does not decrypt correctly. i have been working on this for two days, trying many ways to code it.

Could one of you smarter people take look and offer any suggestion?

Thanks for your time. All comments are welcome.

Two problems.
1. When decrypting, the input length will be the return value from the encrypt (RC, which is 256, not L).
2. If you encrypted with public, then you need to decrypt with private!

So try

Code:

  RC = RSA_private_decrypt(RC, In, Out, My_RSA, RSA_PKCS1_PADDING);

And you should either use memcmp to compare the result (of length L), or increase L by 1 so that you also encrypt the null-terminator of the string.

Originally Posted by MrUmunhum

the lenght of the input should be the same as the output?

That sounds like a newbie confusion about my reuse of your RC variable. The input parameter is the old value. I was just reusing RC to receive the new output value.

Anyway, try this, which also stores the public and private keys in files.

Code:

// gcc -std=c99 -Wall -W -pedantic rsa.c -o rsa -lcrypto

#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char uchar;
#define NUM_BITS  2048
#define PADDING   RSA_PKCS1_PADDING

int main() {
  char plain[] = "1234567890";
  char encrypted[NUM_BITS / 8];
  char plain2[sizeof plain];
  int len, rsa_len, out_len;

  RSA *rsa = RSA_new();
  BIGNUM *bn = BN_new();
  BN_set_word(bn, RSA_F4);
  // We are assuming the PRNG is automatically seeded
  // (should be the case if system has /dev/urandom)
  RSA_generate_key_ex(rsa, NUM_BITS, bn, NULL);
  BN_free(bn);

  len = strlen(plain);
  printf("Plain: %s\n", plain);

  rsa_len = RSA_public_encrypt(len, (uchar*)plain, (uchar*)encrypted,
                               rsa, PADDING);
  printf("Encrypted: %d\n", rsa_len);
//  Dump(encrypted, rsa_len);

  out_len = RSA_private_decrypt(rsa_len, (uchar*)encrypted, (uchar*)plain2,
                                rsa, PADDING);
  printf("Decrypted: %d\n", out_len);
//  Dump(plain2, out_len);
 
  plain2[out_len] = '\0';

  if (strcmp(plain, plain2) != 0)
     printf( "RSA test failed\n");
  else {
    FILE *f = fopen("private.txt", "w");
    PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL, NULL);
    f = freopen("public.txt", "w", f);
    PEM_write_RSAPublicKey(f, rsa);
    fclose(f);
  }

  RSA_free(rsa);

  return 0;
}

Originally Posted by algorism

That sounds like a newbie confusion about my reuse of your RC variable. The input parameter is the old value. I was just reusing RC to receive the new output value.

Anyway, try this, which also stores the public and private keys in files.

Code:

// gcc -std=c99 -Wall -W -pedantic rsa.c -o rsa -lcrypto

#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char uchar;
#define NUM_BITS  2048
#define PADDING   RSA_PKCS1_PADDING

int main() {
  char plain[] = "1234567890";
  char encrypted[NUM_BITS / 8];
  char plain2[sizeof plain];
  int len, rsa_len, out_len;

  RSA *rsa = RSA_new();
  BIGNUM *bn = BN_new();
  BN_set_word(bn, RSA_F4);
  // We are assuming the PRNG is automatically seeded
  // (should be the case if system has /dev/urandom)
  RSA_generate_key_ex(rsa, NUM_BITS, bn, NULL);
  BN_free(bn);

  len = strlen(plain);
  printf("Plain: %s\n", plain);

  rsa_len = RSA_public_encrypt(len, (uchar*)plain, (uchar*)encrypted,
                               rsa, PADDING);
  printf("Encrypted: %d\n", rsa_len);
//  Dump(encrypted, rsa_len);

  out_len = RSA_private_decrypt(rsa_len, (uchar*)encrypted, (uchar*)plain2,
                                rsa, PADDING);
  printf("Decrypted: %d\n", out_len);
//  Dump(plain2, out_len);
 
  plain2[out_len] = '\0';

  if (strcmp(plain, plain2) != 0)
     printf( "RSA test failed\n");
  else {
    FILE *f = fopen("private.txt", "w");
    PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL, NULL);
    f = freopen("public.txt", "w", f);
    PEM_write_RSAPublicKey(f, rsa);
    fclose(f);
  }


  RSA_free(rsa);

  return 0;
}

That did it! Now outputs this:

Code:

Starting program: /src/RHID/src/rhid/my_rsa 
Plain: 1234567890
Encrypted: 256

0000 0000  3AF4CCF2 7A09F0B8 6BB7BBB5 0096A9FB  /* :...z...k....... */
0016 0010  6312182F 5E65D3C2 0FAA05F8 C0581855  /* c../^e.......X.U */
0032 0020  1FB166A0 C8A6DC7B 48A7740F DB4392EE  /* ..f....{H.t..C.. */
0048 0030  4D74B5DF 9A1BD9E9 A5DE8A0B 10450AB0  /* Mt...........E.. */
0064 0040  82A730DC 1A379B7F 4B1F4DF1 E0472D7E  /* ..0..7..K.M..G-~ */
0080 0050  F56C67B4 962FAFD0 2A8C3970 A55B61F2  /* .lg../..*.9p.[a. */
0096 0060  22632814 65F02639 84043FD7 D7B09BF0  /* "c(.e.&9..?..... */
0112 0070  44B2370D E1688ABA 85AE2A74 44E8D532  /* D.7..h....*tD..2 */
0128 0080  5CABC943 3D3BF68D 4E3A644E 58017205  /* \..C=;..N:dNX.r. */
0144 0090  3F5DD6CD 099DF85B 5939B053 E89B2070  /* ?].....[Y9.S.. p */
0160 00a0  CBE27003 AD895D25 0D81C043 3D430A7F  /* ..p...]%...C=C.. */
0176 00b0  59C2F3C9 CA7DC044 6DD477DC 5A821CF3  /* Y....}.Dm.w.Z... */
0192 00c0  CA76C5AB 1A7934F3 1B61CB84 B8509016  /* .v...y4..a...P.. */
0208 00d0  C5804BAD C2AC0080 3D265334 4150E271  /* ..K.....=&S4AP.q */
0224 00e0  732AD8DB 4CE5CFF8 307AAD16 855C55F2  /* s*..L...0z...\U. */
0240 00f0  5A03EA83 093C3D53 B939F133 B3C08169  /* Z....<=S.9.3...i */
End of block - 256 bytes ---------------------  /* ---------------- */
Decrypted: 10

0000 0000  31323334 35363738 3930               /* 1234567890       */
End of block -  10 bytes ---------------------  /* ---------------- */

Now two questions.

1. Why such a big difference in the size of the plain text and the size of the encrypted text?
2. How do I mark this as solved?

Thank you very much for your time.

Originally Posted by algorism

Code:

  if (strcmp(plain, plain2) != 0)
     printf( "RSA test failed\n");
  else {
    FILE *f = fopen("private.txt", "w");
    PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL, NULL);
    f = freopen("public.txt", "w", f);
    PEM_write_RSAPublicKey(f, rsa);
    fclose(f);
  }

  RSA_free(rsa);

OK, so this will wrtie the rsa to disk, now how do I write the rsa to an RSA structure? I tries this:

Code:

 
  BIO    *Public  = BIO_new_mem_buf( Key, -1 );
  BIO_reset( Public );
  RC = PEM_write_bio_RSAPublicKey(  Public,  My_RSA );
   
  printf( "Public key: %d", RC );
  Dump( (char*) Pub_Key, Pub_Key_Size );

But is fails. It really can't be this hard?

You need to read the public key from the bio, not write it.

Code:

  // I'm assuming Key is the contents of "public.txt" here.
  // It needs about 500 bytes of storage so your original Key definition won't do
  // as it was only 11 bytes.
  BIO *Public = BIO_new_mem_buf( Key, -1 );
  My_RSA = PEM_read_bio_RSAPublicKey(Public, NULL, NULL, NULL);

1. Why such a big difference in the size of the plain text and the size of the encrypted text?

The ciphertext includes padding and is as large as you asked it to be. You asked for 2048 bits, i.e., 256 bytes. The size of the plaintext that can be encoded depends on the padding scheme. With the one you chose, it must be less than RSA_size(rsa) - 11, or 245 bytes.

2. How do I mark this as solved?

There is no way to mark threads as "solved".

Originally Posted by algorism

You need to read the public key from the bio, not write it.

Code:

  // I'm assuming Key is the contents of "public.txt" here.
  // It needs about 500 bytes of storage so your original Key definition won't do
  // as it was only 11 bytes.
  BIO *Public = BIO_new_mem_buf( Key, -1 );
  My_RSA = PEM_read_bio_RSAPublicKey(Public, NULL, NULL, NULL);

The ciphertext includes padding and is as large as you asked it to be. You asked for 2048 bits, i.e., 256 bytes. The size of the plaintext that can be encoded depends on the padding scheme. With the one you chose, it must be less than RSA_size(rsa) - 11, or 245 bytes.


There is no way to mark threads as "solved".

I am really confused now. What I want is to keep the public and private keys in memory. These:

Code:

-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwR7fjPVxB9CH3xGe4y0wI0NpLjXsB1UEUURbvzvJY0RnSIkQ
BpOCVfKVRoE11Zi4P7FrjR4MD5eT5lSzxXbQ/Wygy3fICegQD4ipvv1vRA/T1E5m
UHGNZuApVUXGSqiLyu8mOmjI7y0uGGFuWSj5Wg/72q1hyC8rL7D3tC1/kBJOfK+5
X1x80LsPVeNoKkyi7+r92SXryD4mhLn1O2zIS0kfqa2ShNfjfqV2kAgzMu7CzNu3
u8t4IZSxMD2AceX25BCV7obvJoSKagquYuR8lRSlYPV6G7eX3gp09EhO9IcqR4Wy
fVEDLvB2si4lPlct2lv/Jn1WsAXPT1TRD+X5HQIDAQABAoIBACXf3S3y8PD8Z7lK
5mNdeGRiEx25+4lQliEuC+RMYGm0f6ENKHRxt40Nn1MNgjZa1j+/lv09GFZyftIc
aIlgjQo2pK5i1nuC5Kt3PPs1Dv5FMGEh4xUBwB6d9d1Aauw3c/sfvdqUtFub+79S
VGbuD0Eng1hWyqeNAKZAycOvbKYfaZGi99bhoR4sjVz9aQ2eBoXOdFJ9x/E4X3A8
tdp7MK8ke7AoHbRo3zlJBDP3TcEYgMNEGdSza6qTflLk8/yIGaEHul9N8wzUynDI
3+j+w8XX/3EW/E0zttOAx1Tl6ODwfL/urqlRv0vfbU2K8dofR+uPTbCw7vpK/kjf
2JhU7EECgYEA7nTzznNKzzCs99Jqlvbs8hpAv/02c8YYpcjhbjLNjPAKZL4GlzMH
Qpl4gOS9O3sPbt0ZVQuPTYqeZt7/3GdjCSc399yLoTpT1TIwOdkUnQxDrIqooPe/
nG4CP+pDcyaGksZEW6tdrkDRqd01BoRO+MdAzWBFpxXtpYtAA0eGZ3ECgYEAz1QR
NwevceqXz5SgHRX+bkDw91oml4SUgpLup2+I9fUGYwgZMQvuynrZ37hojP3/MuDI
t6QAKt5c/LDmL28nKlgYn9ed7Ie/1G/5g0KNtjafCHh66N8iJaN3jKmsT0oe/f39
d+IYch3timM9Nc9NJBuqk2PkZb5D4/pBHGnfzm0CgYEAqCG8OkfeaoI2ozIwx6rp
XLcYCoa+WxlFDbe7A1k8x3AE1A2MVhW7u8C8T514s7TMJ+4rS2SwMQtZLs1zeHNJ
SA3oD5LovNCEhaEykcc3GpioKsNFrOGir+h9G5XQ4yM55cl4L25/yjqX2n5HQgYO
LKlJTsXftrTmcD/j7awD33ECgYEAjNszmuyIwN895pS2NyyTIHrUe2hvIa+8af3D
UFQRe/DNNwjwfIb74+qVDU6vEWMbN4jKNSGhz34lNLRGnuFofXc+u5H0xBbyODUf
EpNrzejMISghcQbvnxyxAwrfezsDVVJzGzirnRRCJywHEQDXCvoU6HAMYydh3ohO
Jiy0Ff0CgYEA26hXku9DE+YktDxgqPshKjYEmHc6OSuvVFi/wNy1ei96By5yfaOf
jIyG7sUGoLOzJCnb4T2fEp96r7WvnR1wGf4jsmWSS2lZ9jBZdpLMc8159lD/VNUK
rCMQMKcS9doUQI6JcoEf5AN1xl1Yuj2sT1tx8IR6AhCrv5Cvft78cxU=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwR7fjPVxB9CH3xGe4y0wI0NpLjXsB1UEUURbvzvJY0RnSIkQBpOC
VfKVRoE11Zi4P7FrjR4MD5eT5lSzxXbQ/Wygy3fICegQD4ipvv1vRA/T1E5mUHGN
ZuApVUXGSqiLyu8mOmjI7y0uGGFuWSj5Wg/72q1hyC8rL7D3tC1/kBJOfK+5X1x8
0LsPVeNoKkyi7+r92SXryD4mhLn1O2zIS0kfqa2ShNfjfqV2kAgzMu7CzNu3u8t4
IZSxMD2AceX25BCV7obvJoSKagquYuR8lRSlYPV6G7eX3gp09EhO9IcqR4WyfVED
LvB2si4lPlct2lv/Jn1WsAXPT1TRD+X5HQIDAQAB
-----END RSA PUBLIC KEY-----

What structure do I use RSA or BIO?

I tries both read and write:

Code:

  BIO    *Private = BIO_new_mem_buf( Key, -1 );
  RSA    *Pri_RSA = RSA_new();  // Public and Private RSA
  int     Pri_RSA_Size;         // Size of Private My RSA
  int     Pri_Key_Size;         // Size of Private Key
  char   *Pri_Key;              // Private Key 


  BIO    *Public  = BIO_new_mem_buf( Key, -1 );
  RSA    *Pub_RSA = RSA_new();  // Public RSA
  int     Pub_RSA_Size;         // Size of Public  RSA
  int     Pub_Key_Size;         // Size of Public  Key
  char   *Pub_Key;              // Public Key

  long Error      = ERR_get_error();
  const char* MSG = ERR_error_string( Error, NULL);

  BIO_reset( Public );
  RC = PEM_write_bio_RSAPublicKey( Public, My_RSA );
  Error  = ERR_get_error();
  MSG    = ERR_error_string( Error, NULL);
 
  printf( "Write: %s\n", MSG );
  Dump( (char*) Public, sizeof( BIO ) );

  BIO_reset( Public );
  Pub_RSA = PEM_read_bio_RSAPublicKey( Public, NULL, NULL, NULL );
  Error  = ERR_get_error();
  MSG    = ERR_error_string( Error, NULL);
  printf( "Read:  %s\n", MSG );

The write and read both return errors:

Code:

Write: error:2007507E:lib(32):func(117):reason(126)

0000 0000  00EFDCF7 FF7F0000 00000000 00000000  /* ................ */
0016 0010  00000000 00000000 01000000 01000000  /* ................ */
0032 0020  00020000 00000000 00000000 22000000  /* ............"... */
0048 0030  20446000 00000000 00000000 00000000  /*  D`............. */
0064 0040  00000000 00000000 01000000 00000000  /* ................ */
0080 0050  00000000 00000000 00000000 00000000  /* ................ */
0096 0060  00000000 00000000 C85B97F7 FF7F0000  /* .........[...... */
End of block - 112 bytes ---------------------  /* ---------------- */
Read:  error:09072007:lib(9):func(114):reason(7)

Sorry to be a pain in the ass but I am lost. The thing is I got this to work once but then I fixed it! now I can't get it right.

Thanks again for all your time.

OK, I found this page Simple Public Key Encryption with RSA and OpenSSL and they cleared this up form me.

We generate the key pair as before (this time with a generalized key length and public exponent), but now we used BIO structs to separate the public and private key. BIO’s are just an OpenSSL abstraction to make our lives easier. We use the PEM_write_bio_RSAPrivateKey function and it’s public key counterpart to copy the private and public keys into the newly created BIO structs. We then use the BIO_pending function to get how long our plain text character strings need to be to store the keys and allocate that amount of memory. From there, BIO_read copies the keys from the BIO structs into the character strings. Finally, let’s print them out for fun. Here’s an example of a key pair I generated via this method:

I got this code to work:

Code:

BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());

PEM_write_bio_RSAPrivateKey(pri, My_RSA, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_RSAPublicKey(pub, My_RSA );

size_t pri_len = BIO_pending(pri);
size_t pub_len = BIO_pending(pub);

char *pri_key = malloc(pri_len + 1);
char *pub_key = malloc(pub_len + 1);

BIO_read(pri, pri_key, pri_len);
BIO_read(pub, pub_key, pub_len);

pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';

printf("\n%s\n%s\n", pri_key, pub_key);

Thanks again for your patience.