Hi all, I have been using the old version(2.28) for a very long time, and updated to version 3.4.0 recently. When using rsa encryption, there is a parameter 'mode' that allows to choose whether to use a public key or a private key. Why is it canceled in the new version? And how can I use the private key to perform an encryption operation? Thank you for your help!
Hi,
The mode parameter was added early on to accommodate an old protocol that needed it. I am sorry, but I can’t remember what that protocol was and how it used it.
We have removed it, because it is a dangerous feature, and we didn’t expect it to be needed in any modern applications.
Why do you need to do encryption with a private key? What is your use case?
Best regards, Janos (Mbed TLS developer)
From: 克坚 马 via mbed-tls mbed-tls@lists.trustedfirmware.org Date: Monday, 23 October 2023 at 15:58 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] How can I encrypt with a private key? Hi all, I have been using the old version(2.28) for a very long time, and updated to version 3.4.0 recently. When using rsa encryption, there is a parameter 'mode' that allows to choose whether to use a public key or a private key. Why is it canceled in the new version? And how can I use the private key to perform an encryption operation? Thank you for your help! -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
hi Janos, Thanks for your reply!
Due to application vendor restrictions, I need to use the public key to decrypt data encrypted with the private key from the server.
I use 'mbedtls_rsa_check_privkey' to check whether it is a private key and decide to decrypt with private key or public key, which can temporarily solve this problem.
But there is a problem that I cannot use the public key to encrypt when I have the private key.
So do you have any good suggestions for supporting both encryption and decryption with private key and public key?
Thanks again and looking forward to your reply!
Best regards, makejian
Hi Makejian,
I am terribly sorry, but that is not supported anymore.
To achieve that, you would need to swap the public and the private exponents in the RSA context, then remove the CRT coefficients. All these fields in the RSA context are private. That is, you would need to enable MBEDTLS_ALLOW_PRIVATE_ACCES and even if you manage to make it work like this, it is not guaranteed that it will keep working in later versions.
Best regards, Janos (Mbed TLS developer)
From: 克坚 马 via mbed-tls mbed-tls@lists.trustedfirmware.org Date: Tuesday, 24 October 2023 at 13:22 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Re: How can I encrypt with a private key? hi Janos, Thanks for your reply!
Due to application vendor restrictions, I need to use the public key to decrypt data encrypted with the private key from the server.
I use 'mbedtls_rsa_check_privkey' to check whether it is a private key and decide to decrypt with private key or public key, which can temporarily solve this problem.
But there is a problem that I cannot use the public key to encrypt when I have the private key.
So do you have any good suggestions for supporting both encryption and decryption with private key and public key?
Thanks again and looking forward to your reply!
Best regards, makejian -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
Well, you can use mbedtls_rsa_export to obtain N, E and D, and then mbedtls_rsa_import with E and D swapped followed by mbedtls_rsa_complete.
But “encrypt with a private key” doesn't actually make sense. Mathematically, it works, because there's a way to make the core RSA operation work the same in both directions. But the resulting construction is unlikely to have any security properties. Calling mbedtls_rsa_pkcs1_encrypt with a private key doesn't actually “encrypt” since anyone can still obtain the plaintext.
Mbed TLS 3.x still provides the function mbedtls_rsa_public() and mbedtls_rsa_private() if you need some custom RSA-based encoding that is neither a PKCS#1 encryption mechanism nor a PKCS#1 signature mechanism.
Best regards,
hi, Your point about “encrypt with a private key” being insecure is quite correct.
I will try to solve this problem in other ways, thanks for your reply!
Best regards, makejian
Janos Follath via mbed-tls mbed-tls@lists.trustedfirmware.org wrote: > To achieve that, you would need to swap the public and the private > exponents in the RSA context, then remove the CRT coefficients. All > these fields in the RSA context are private. That is, you would need to > enable MBEDTLS_ALLOW_PRIVATE_ACCES and even if you manage to make it > work like this, it is not guaranteed that it will keep working in later > versions.
Also, it will only work with RSA and not with E{CD}DSA.
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Janos Follath -
Michael Richardson -
克坚 马