pk_encrypt/decrypt limited to <1024bit blocks

Werner Koch wk at
Mon Sep 1 11:04:38 CEST 2008

On Mon,  1 Sep 2008 09:50, torsten.rupp at said:

> is created. This works fine. If I change the value e. g. to 1024 
> encryption or decryption does not work anymore. Is this a bug or a 
> limitation?

That depends on your key size: You can't encrypt a 1024 bit value with a
1024 bit modulus if that value is karge than the modulus.  Libgcrypt
does not enforce this because it expects that pkcs#1 encoding is done by
the caller or by passing the pkcs#1 flag.  Without proper padding your
encryption is weak.

> I detected this problem when I encrypted/decrypted data blocks with 
> 2048 bit (and a 1024bit key-pair). Sometimes it seems to work, but 

You mean you try to encrypt a 2048 bit value with a 1024 bit key - that
is obviously not possible.



Linux-Kongress 2008 + Hamburg + October 7-10 +

   Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gcrypt-devel mailing list