[Botan-devel] Bug: Dropping leading zeros

Rickard Bellgrim rickard.bellgrim at iis.se
Fri May 28 12:09:26 EDT 2010


On 28 maj 2010, at 16.29, Jack Lloyd wrote:

> This seems impossible to fix, at least from my thinking right now. The
> problem is that with the raw encoding there is no indicator of length,
> etc. So, for instance if you encrypted any of these plaintexts:
> 
> AA
> 00AA
> 0000AA
> 000000AA
> [and so on]
> 
> You would always get an identical ciphertext, so there is seemingly no
> meaningful way to say that there were originally N leading zeros in
> the plaintext, and not N+1 or N-1. This is somewhat intrinsic to the
> fact that bare RSA encrypts integers, not bitstrings, and without a
> canonical and unambigious encoding of some kind it's impossible to do
> the conversion perfectly losslessly.

Hmm, but shouldn't Botan enforce that the input data has the same length as the modulus? Then Botan do not have to pad it with leading zeros and then you also get the correct data back when you decrypt it, since Botan know the modulus size.

// Rickard


More information about the botan-devel mailing list