gcry_pk_decrypt and leading zeros in the decrypted output
Werner Koch
wk at gnupg.org
Wed Sep 13 11:53:41 CEST 2006
On Tue, 12 Sep 2006 16:44, Einar Karttunen said:
> a leading zero byte. Libgcrypt seems to want to delete that
> when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).
Internally these are all MPIs. Thus it makes no difference what
function you use to retrieve it.
> It seems very unsafe to assume that there was a leading zero
> byte that got deleted by libgcrypt as many programs using
Why do you think it is unsafe? Leading zeroes of numbers are
meanigless in computations. When computing m = c^d mod n there won't
be a leading zero. We need to invent it. The reason pkcs#1 requires
the leading zero is to state that this is a non-negative number and
less than n.
> What is the correct way to get the value from the decryption result
> sexp while preserving any possible leading zero bytes?
You don't need the leading zero. Take a normalized MPI and check that
it is not negative (the latter is always true for our rsa
implementation).
Salam-Shalom,
Werner
More information about the Gcrypt-devel
mailing list