-
Notifications
You must be signed in to change notification settings - Fork 161
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When decrypted with a different private key, OpenSSL::PKey::RSAError
does not occur
#732
Comments
This is a change in OpenSSL 3.2 (the C library, not ruby/openssl) to mitigate a timing attack with PKCS#1 v1.5 padding. It is also backported to older versions as a security fix in some distributions, such as Fedora or Ubuntu. https://www.openssl.org/docs/man3.2/man3/EVP_PKEY_decrypt.html You can use |
thanks! |
Hi,
Is there a way to determine if the wrong key is being used when decrypting a string?
In ruby 2.7, when a different key was used, it would raise
OpenSSL::PKey::RSAError
.ruby 2.7.6 and OpenSSL 2.1.3
However, when upgrading to ruby 3, even if the wrong key is used,
OpenSSL::PKey::RSAError
no longer occurs.ruby 3.2.3 and OpenSSL 3.1.0
I'm not sure if this is a specification or a bug, but I would like to know if there is a way to determine it.
The text was updated successfully, but these errors were encountered: