Hi,
no problem ... I truly understand what you mean by reading more.

1. Definitely your hint on PKCS#1 ... is saved me some headaches that
I couldn't understand why.

2. If I use this: PKey::RSA.generate(512) I believe that I still have
a random key generated (instead of one with n, d and e desired). From
not much difference than using this:
           #openssl genrsa  -out key.pem 256
           PKey::RSA.new(File.open("/key.pem").read, nil)

3. Finally, thanks for this pearl of wisdow .... so I understand that
the crypted password in the client side (javascript) has to be
converted to bytes in order to be verified.
    > You're getting bytes, javascript gives you hex-encoded data


thanks for your help,

Jean

On 9/5/06, Jan Svitok <jan.svitok / gmail.com> wrote:
> On 9/5/06, Jean Verger <jean.verger / gmail.com> wrote:
> > Hi,
> > thanks for your advices,
> >
> > 1. Is there any way to generate the RSA Key with e, d and n? (instead
> > of using the pem file?
>
> try PKey::RSA.generate(512)
>
> > 2. The output that I'm geetting is out of the "regular" character
> > range ... Im getting some weird characters. I guess it is normal when
> > crypting, but with the javascript RSA model I don't get any "weird
> > character". Anyway to limit the output? This is the output in a
> > browser:
> > http://i108.photobucket.com/albums/n27/jverger/rsaRuby.png
>
> You're getting bytes, javascript gives you hex-encoded data
>
> > 3. Finally ... when using this code i get a different encrypted string
> > every time I run the code! :) How can that be? I mean, given the same
> > .pem file, i get a different encryption, although then, the
> > verification is fine.
>
> PKCS#1 add random padding to the encrypted data to avoid situation,
> when the same data is always encrypted as same ciphertext.
>
> I'd encourage you to read some literature on the topic, as I wrote
> some time ago (http://www.ruby-forum.com/topic/79044), encryption is
> easy to get messed up, and your efforts would be ruined. See the
> thread for some links. You need to understand the basics if you want
> your encryption fulfill its purpose. At least read PKCS#1 standard.
> You'll learn about the padding schemes and various attacks on it
> there.
>
> Please don't get me wrong, this is meant as an advice to not get
> burned. I'll be glad if I'm wrong in this case ;-)
>
>