The original intention of the toolkit was to provide a set of primitives to carry out S/MIME operations using relatively high-level functions. However, we get so many questions about using the "raw" RSA functions that we've added this section on techniques.
The functions RSA_RawPublic and RSA_RawPrivate just carry out the basic RSA encryption or decryption operation on a "raw" block of data. The block must be exactly the same length in bytes as the length of the RSA key modulus; it must obey certain mathematical properties (in practice, make sure the first byte is zero); and it should be "padded" in a certain way to improve security and make it easier to pass to other systems (the built-in cryptographic functions in .NET hide this part of the process from you).
Encryption and signing use the same RSA operations:
Use the function RSA_EncodeMsg to encode or "pad" the message data you want to encrypt or sign. Remember that Encoding is Not Encryption.
Please check the latest examples on our web site at <http://www.cryptosys.net/pki/pkiexamples.html>.
For encryption in practice, except for very short messages, we generate a random session key, encrypt that using RSA, and then encrypt the plaintext using a faster, symmetric block cipher like Triple DES or AES-128 (hint to implementors: do this in CBC mode, it's much more secure than ECB). This session key is sometimes referred to as the Content Encryption Key (CEK). You would then need to transmit a message to your recipient in the form
+----------------------+----+----------------------------------------------+ | CEK-encrypted-by-RSA | IV | Data-encrypted-by-symmetric-cipher-using-CEK | +----------------------+----+----------------------------------------------+
where IV is the initialization Vector for the block cipher encryption, generated uniquely each time. To decrypt, parse the input into its three components, use the RSA private key (held separately) to decrypt the RSA block and hence get the CEK to use to decrypt the main body of data. This technique is as strong as its weakest link. Triple DES with a full 192-bit triple key is equivalent in security to a 2048-bit RSA key (Ref: [SP80057]).
For digital signing, unless the message is very short, we generate a message digest of the original message using a hash function, "encrypt" the digest using the RSA private key, and then send this block on to our recipient as a "digital signature", usually together with the message itself.
+---------------+------------------+---------------------+ |Hash algorithm | Original message | RSA Signature block | +---------------+------------------+---------------------+
To verify, the recipient parses the input into its components and then "decrypts" the RSA block using the sender's public key to recover the message digest. She then independently computes the message digest hash of the received message and compares the two. If they are the same, then the signature has been verified.