[12445] in cryptography@c2.net mail archive
AW: question about rsa encryption
daemon@ATHENA.MIT.EDU (Kuehn, Ulrich)
Tue Feb 4 10:11:30 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
From: "Kuehn, Ulrich" <Ulrich.Kuehn@Dresdner-Bank.com>
To: "'Scott G. Kelly'" <scott@bstormnetworks.com>,
crypto mailing list <cryptography@wasabisystems.com>
Date: Tue, 4 Feb 2003 11:39:09 +0100
> Von: Scott G. Kelly [mailto:scott@bstormnetworks.com]
>
> Does anyone know of any issue
> with using
> RSA encryption to encrypt a symmetric key under the target's
> public key
> if the encrypted value is public (e.g. sent over a network)?
>
You have to be very careful in designing and implementing your _de_cryption
routines. There have been some attacks when the decryption is not done
correctly.
References are:
- Daniel Bleichbacher, Chosen Ciphertext Attacks Against Protocols Based on
the RSA Encryption Standard PKCS #1. CRYPTO 1998: 1-12.
- James Manger, A Chosen Ciphertext Attack on RSA Optimal Asymmetric
Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. CRYPTO 2001:
230-238
These attacks are against PKCS#1 padding, and for the method you describe
(direct encryption of a symmetric key with zero padding) I had a paper at
this year's PKC conference describing some attacks.
I hope this helps,
Ulrich Kuehn
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
