Raw RSA encryption

Mads Kiilerich mads at kiilerich.com
Sun Jul 25 04:33:26 CEST 2010

  Nikos Mavrogiannopoulos wrote, On 07/24/2010 11:05 AM:
> On 07/24/2010 03:07 AM, Mads Kiilerich wrote:
>>   Hi
>> The new gnutls/crypto.h exposes fine functionality for using
>> stream/block ciphers and hash algorithms directly.
>> But I also need raw RSA encryption and can't figure out how to do it -
>> or if it is possible. I just need the basic modulo-exponentiation, for
>> example with values from gnutls_x509_crt_get_pk_rsa_raw.
> I question might be, why you want to do that? GnuTLS tries to hide that
> by providing high level functions to manage certificates and keys.

I'm trying to use GnuTLS for the MS RDP protocol which both have a TLS 
mode and a homebrew mode where certificates and rc4 and md5 and sha and 
RSA is used in a different way.

I'm obviously trying to use GnuTLS for something it wasn't intended for. 
I assume that the new crypto.h stuff also don't have any use if GnuTLS 
is used for what it was intended to be used for through high level 
functions. Apparently PK stuff was left out from crypto.h. I wonder why 
you stopped there, but it is fair enough if that is how you want it.

>> It seems like it is possible to register such a function with
>> gnutls_crypto_pk_register2, but there is no way to retrieve the internal
>> implementation? Or is it OK to use _gnutls_pk_ops.encrypt?
> There is no exported API for that. It is probably possible to do it, but
> it is not trivial, and would require a big deal of new API functions and
> datatypes to maintain.

It seems to me like you already have the needed datatypes and that the 
API wouldn't have to be more complex than what already has been done for 
hash and ciphers. But I don't know which problems you see.

>> Or should I access gcrypt directly, possibly by duplicating the content
>> of _wrap_gcry_pk_encrypt?
>> (In either case it seems like I need to figure out how the simple
>> bigendian format of gnutls_datum_t from gnutls_x509_crt_get_pk_rsa_raw
>> relates to bigint_t?)
> The gnutls_datum_t contains the big integer in an unsigned format that
> is importable by almost all crypto libraries (and thus libgcrypt). The
> bigint_t is the gnutls crypto library's internal representation of that.

I will try something like that. Thanks.


More information about the Gnutls-help mailing list