Hi, I would like to ask you (experienced people) something. I'm using freeradius 1.0.4 and I have a message of 48 bytes long (a premaster secret) generated with the random function of openssl. This message has to be "public_encrypted" and sent to a radius server. Nevertheless, when I use the RSA_public_encrypt() function this encrypts the message of 48 bytes and generates a 64 bytes encrypted message. Normally this functions like this; but as I sent this "encrypted message" to the server, the server responds me: "tls rsa encrypted value length is wrong". This means that the message is well generated but not well encrypted. Can any of you tell me please how can I fix this problem? Knowing that the RSA public key is 64 bytes long, is it normal that the encrypted message is 64 bytes long too? Do you know another openSSL function that "public_encrypts" a message? Thank you, Juan Daniel MORENO
Juan Daniel Moreno <juanitomoreno@gmail.com> wrote:
Can any of you tell me please how can I fix this problem? Knowing that the RSA public key is 64 bytes long, is it normal that the encrypted message is 64 bytes long too?
The two are completely independent.
Do you know another openSSL function that "public_encrypts" a message?
You don't call the "encryption" functions. You call "send tls data", and it takes care of encrypting the data and putting it into a TLS session. Again, see the FreeRADIUS source code for how it handles this. See wpa_supplicant (another package) for a client implementation of EAP that does exactly what you're trying to do. I don't understand why it's so difficult to read pre-existing code, and to use it as examples for new code. Alan DeKok.
participants (2)
-
Alan DeKok -
Juan Daniel Moreno