gcry_pk_decrypt and leading zeros in the decrypted output

Werner Koch wk at gnupg.org
Wed Sep 13 11:53:41 CEST 2006

On Tue, 12 Sep 2006 16:44, Einar Karttunen said:

> a leading zero byte. Libgcrypt seems to want to delete that
> when I use gcry_sexp_nth_data (and also with gcry_sexp_nth_mpi).

Internally these are all MPIs.  Thus it makes no difference what
function you use to retrieve it.

> It seems very unsafe to assume that there was a leading zero
> byte that got deleted by libgcrypt as many programs using

Why do you think it is unsafe?  Leading zeroes of numbers are
meanigless in computations.  When computing m = c^d mod n there won't
be a leading zero.  We need to invent it.  The reason pkcs#1 requires
the leading zero is to state that this is a non-negative number and
less than n.

> What is the correct way to get the value from the decryption result
> sexp while preserving any possible leading zero bytes?

You don't need the leading zero.  Take a normalized MPI and check that
it is not negative (the latter is always true for our rsa



More information about the Gcrypt-devel mailing list