gcry_pk_decrypt and leading zeros in the decrypted output

Einar Karttunen ekarttun at cs.helsinki.fi
Tue Sep 12 16:44:31 CEST 2006


Hello

gcry_pk_decrypt creates an s-exp of the decryption result. If passed
something like "(enc-val(flags)(rsa (a%m)))" it returns "(value
plaintext)". Now if the data is encoded as EME-PKCS1-v1_5 it has
a leading zero byte. Libgcrypt seems to want to delete that
when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

It seems very unsafe to assume that there was a leading zero
byte that got deleted by libgcrypt as many programs using
libgcrypt seem to do.

What is the correct way to get the value from the decryption result
sexp while preserving any possible leading zero bytes?

- Einar Karttunen
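An added example, not part of the original post and not libgcrypt code: instead of assuming exactly one zero byte was stripped, left-pad the returned value to the modulus length k in bytes and then check the EME-PKCS1-v1_5 layout strictly. The function names and sample bytes are hypothetical and constructed; k is assumed to be derived from the key, for instance (gcry_pk_get_nbits(key) + 7) / 8.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: the 15 bytes left after the leading zero of a
   16-byte block 00 02 PS(8) 00 "hello" has been stripped. */
static const unsigned char sample_stripped[15] = {
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x00, 'h', 'e', 'l', 'l', 'o'
};

/* Left-pad a big-endian integer to exactly k bytes (I2OSP).
   Accepts input with or without leading zeros. Returns 0, or -1 if the
   value does not fit in k bytes. */
int i2osp_pad(const unsigned char *in, size_t in_len,
              unsigned char *em, size_t k)
{
    while (in_len > 0 && in[0] == 0x00) { in++; in_len--; }
    if (in_len > k) return -1;
    memset(em, 0, k - in_len);
    memcpy(em + (k - in_len), in, in_len);
    return 0;
}

/* Parse EM = 00 || 02 || PS || 00 || M with PS at least 8 nonzero bytes.
   On success *msg points into em. All failures return the same -1 so a
   caller cannot report which check failed; this sketch is not
   constant-time. */
int eme_pkcs1_v15_unpad(const unsigned char *em, size_t k,
                        const unsigned char **msg, size_t *msg_len)
{
    size_t i;
    if (k < 11 || em[0] != 0x00 || em[1] != 0x02) return -1;
    for (i = 2; i < k && em[i] != 0x00; i++)
        ;                               /* find the 00 separator */
    if (i == k || i < 10) return -1;    /* no separator or PS < 8 */
    *msg = em + i + 1;
    *msg_len = k - i - 1;
    return 0;
}

/* Restore the fixed-length block first, then validate the padding. */
int decode_result(const unsigned char *in, size_t in_len,
                  unsigned char *em, size_t k,
                  const unsigned char **msg, size_t *msg_len)
{
    if (i2osp_pad(in, in_len, em, k) != 0) return -1;
    return eme_pkcs1_v15_unpad(em, k, msg, msg_len);
}
```

A 14-byte value that happens to begin with 0x02 is rejected here, because padding to k puts two zero bytes in front of it; code that simply prepends a single zero would accept it.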


