RSAES-OAEP Encryption Examples

This example shows how to use the raw RSA functions in the CryptoSys PKI Toolkit to carry out RSA public key encryption and decryption using the RSAES-OAEP method from PKCS #1: RSA Cryptography Specifications Version 2.1 (PKCS-1v2-1). It reproduces and verifies the tests available in the test vectors file `pkcs-1v2-1-vec.zip' available from RSA Laboratories.

[Version 2.6 update: you can do this much easier using the new RSA_EncodeMsg function. See RSA Techniques.]

There are three VB6/VBA modules.

  1. RSAES_OAEP_example.bas shows how to reproduce the "Worked-Out Example For RSAES-OAEP" in the file `oaep-int.txt' from pkcs-1v2-1-vec.zip
     
  2. RSAES_OAEP.bas shows how to change the functions from (1) to make the generic RSAES-OAEP encrypt and decrypt functions rsaes_oaep_Encrypt and rsaes_oaep_Decrypt. A test example is given that shows how to call the encryption functions after generating a unique seed using the RNG_Bytes function. The module also includes the common code for the MGF1 function and some useful utilities we use for handling byte arrays: AppendBytes(), BytesLength(), XorBytes(), BytesAreEqual() and ISOSP4(). It also includes the readPrivateKeyInfo() function which we use to read the unencrypted private key files we've extracted from the test vector file. We do this for convenience. In practice, we'd only be keeping and using encrypted private key files.
     
  3. RSAES_OAEP_tests.bas carries out all the tests for RSAES-OAEP in the file `oaep-vec.txt'.

All these example functions carry out their encryption and decryption operations using byte arrays and output the results to the immediate window using Debug.Print. It all looks pretty boring to the observer who isn't familiar with hexadecimal notation and the details of how PKCS#1 is meant to work. We've left in all the Debug statements so you can see what's happening. Errors are just handled with MsgBox statements for simplicity. You are welcome to alter the code to suit your own error-handling in your own applications.

These three Visual Basic modules can be downloaded in zipped format rsaes-oaep-vbcode.zip (26 kB). The public and private RSA key files extracted from the test vector data are in rsaes-oaep-keys.zip (13 kB). Note that the private keys are stored in unencrypted private key info format, except for the rsa1024epk.bin file which has the password "password". To read these unencrypted files, see the function readPrivateKeyInfo() referred to in (2) above. To encrypt a private key info file, use the function encryptPrivateKeyInfo() given in (1) above.

You will need to include in your project the module basCrPKI and install the CryptoSys PKI Toolkit available from http://www.cryptosys.net/pki/.

If you want to see the Perl script we used to extract all this stuff, please download extract-vect.zip (3 kB).

Comments? Found a mistake? Please let us know.

This page last updated: 3 September 2005

Copyright (C) 2005 DI Management Services Pty Limited
<www.di-mgt.com.au>   <www.cryptosys.net>