CryptoSys PKI Pro Manual

RSA_Encrypt

Encrypt a short message using RSA encryption.

VBA/VB6 Syntax

Public Declare Function RSA_Encrypt Lib "diCrPKI.dll" (ByRef lpOutput As Byte, ByVal nOutBytes As Long, ByRef lpInput As Byte, ByVal nInputLen As Long, ByVal strPublicKeyFile As String, ByVal strParameters As String, ByVal nOptions As Long) As Long

nRet = RSA_Encrypt(lpOutput(0), nOutBytes, lpInput(0), nInputLen, strPublicKeyFile, strParameters, nOptions)

C/C++ Syntax

long __stdcall RSA_Encrypt(unsigned char *lpOutput, long nOutBytes, const unsigned char *lpInput, long nInputLen, const char *szPublicKeyFile, const char *szParameters, long nOptions);

Parameters

lpOutput
[out] byte array to receive the encrypted output.
nOutBytes
[in] maximum length of the output array.
lpInput
[in] byte array containing the data to be encrypted.
nInputLen
[in] length of input in bytes.
szPublicKeyFile
[in] specifying the name of the public key file or X.509 certificate (or a string containing the key or certificate in PEM format, or a valid internal public key string).
szParameters
[in] For specialist use. Specify "". See remarks.
nOptions
[in] option flags. Include one of the following:-
PKI_EME_PKCSV1_5 (0) to encrypt using the RSAES-PKCS1-v1_5 encryption scheme (default).
PKI_EME_OAEP to encrypt using the RSAES-OAEP encryption scheme.

If you have selected PKI_EME_OAEP, then add one of these options to set the hash function for EME-OAEP encoding:
PKI_HASH_SHA1 (0) to use SHA-1 (default).
PKI_HASH_SHA224 to use SHA-224
PKI_HASH_SHA256 to use SHA-256
PKI_HASH_SHA384 to use SHA-384
PKI_HASH_SHA512 to use SHA-512
and, optionally, add:-
PKI_MGF_MGF1SHA1 to force the MGF hash function to be SHA-1 (default = same as encoding hash function set above)

Returns (VBA/C)

If successful, the return value is the number of bytes required to store the full output data. If an error occurs, it returns a negative error code.

VBA Wrapper Syntax

Public Function rsaEncrypt (lpInput() As Byte, szPublicKeyFile As String, Optional nOptions As Long = 0, Optional szParameters As String = "") As Byte()

.NET Equivalent

Rsa.Encrypt Method

C++ (STL) Equivalent

static bvec_t dipki::Rsa::Encrypt (const bvec_t &data, const std::string &publicKeyFileOrString, EME method=EME::PKCSv1_5, HashAlg hashAlg=HashAlg::Sha1, AdvOpts advOpts=AdvOpts::Default, const std::string &params="")

Python Equivalent

static Rsa.encrypt(data, pubkeyfileorstring, method=EME.PKCSV1_5, hashalg=HashAlg.SHA1, advopts=AdvOpts.DEFAULT, params="")

Remarks

Set nOutBytes to zero and/or lpOutput to 0 (or NULL) to return the required number of bytes. The output is always the same length in bytes as the RSA modulus, which can be found directly using the RSA_KeyBytes() function.

There is a limit on the length of data that can be encrypted. For RSAES-PKCS1-V1_5, nInputLen must not be greater than the key length in bytes (k) minus 11. For RSAES-OAEP, nInputLen must not be greater than k - 2*hLen - 2, where hLen is the length in bytes of the hash function output. Note this means, for example, that you cannot use SHA-512 with a 1024-bit RSA key with RSAES-OAEP.

The default parameters for RSA-OAEP encoding are 

hashAlgorithm = sha1,
maskGenAlgorithm = mgf1SHA1 (MGF1 with SHA-1)
pSourceAlgorithm =pSpecifiedEmpty (label L is the empty string)

You can change the hash algorithm using nOptions (and by default the MGF1 hash algorithm will be the same), and you can force the MGF1 hash algorithm to be SHA-1. You cannot change the mask generation algorithm (there isn't another!) or the pSourceAlgorithm parameter (i.e. the label is always the empty string). For more details see RSA encryption and signature schemes.

To carry out tests against known test vectors, you can pass a fixed seed value in szParameters. For example, "seed=18b776ea21069d69776a33e96bad48e1dda0a5ef". This string must begin with "seed=" and be followed by the seed value in hexadecimal encoding. This must represent a byte array of exactly hLen bytes, the length of the output of the hash function.

Example (VBA core function)

Dim strPriKeyFile As String
Dim strPubKeyFile As String
Dim abMsg() As Byte
Dim nMsgLen As Long
Dim abEnc() As Byte
Dim nEncLen As Long
Dim abDec() As Byte
Dim nDecLen As Long
Dim strOkHex As String

' RSAES-OAEP Encryption Example 1.1 from `oaep-vect.txt` in `pkcs-1v2-1-vec.zip`
' RSA key file 1024-bit
strPubKeyFile = "rsa-oaep-1.pub"
strPriKeyFile = "rsa-oaep-1.p8"

' Message to be encrypted:
abMsg = cnvBytesFromHexStr("6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34")
nMsgLen = UBound(abMsg) + 1
Debug.Print "MSG=" & cnvHexStrFromBytes(abMsg)

' 1. Encrypt using RSA-OAEP but set seed to be a fixed value to compare with test vector
nEncLen = RSA_Encrypt(0, 0, abMsg(0), nMsgLen, strPubKeyFile, "seed=18b776ea21069d69776a33e96bad48e1dda0a5ef", PKI_EME_OAEP)
Debug.Print "RSA_Encrypt() returns " & nEncLen & " (expecting 128 = 1024 bits)"
' Allocate memory for byte array
ReDim abEnc(nEncLen - 1)
' Do the business - this should always give the same result
nEncLen = RSA_Encrypt(abEnc(0), nEncLen, abMsg(0), nMsgLen, strPubKeyFile, "seed=18b776ea21069d69776a33e96bad48e1dda0a5ef", PKI_EME_OAEP)
Debug.Print "ENC=" & cnvHexStrFromBytes(abEnc)

' Known answer from test vector
strOkHex = "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a"
Debug.Print "OK =" & strOkHex

' 2. Decrypt - the private key is unencrypted with no password
nDecLen = RSA_Decrypt(0, 0, abEnc(0), nEncLen, strPriKeyFile, "", "", PKI_EME_OAEP)
Debug.Print "RSA_Decrypt() returns " & nDecLen
' Allocate memory for byte array
ReDim abDec(nDecLen - 1)
' Decrypt
nDecLen = RSA_Decrypt(abDec(0), nDecLen, abEnc(0), nEncLen, strPriKeyFile, "", "", PKI_EME_OAEP)
Debug.Print "DEC=" & cnvHexStrFromBytes(abDec)

' 3. Encrypt using RSA-OAEP using SHA-256
nEncLen = RSA_Encrypt(0, 0, abMsg(0), nMsgLen, strPubKeyFile, "", PKI_EME_OAEP + PKI_HASH_SHA256)
Debug.Print "RSA_Encrypt() returns " & nEncLen & " (expecting 128 = 1024 bits)"
' Allocate memory for byte array
ReDim abEnc(nEncLen - 1)
' Do the business - this will be different each time
nEncLen = RSA_Encrypt(abEnc(0), nEncLen, abMsg(0), nMsgLen, strPubKeyFile, "", PKI_EME_OAEP + PKI_HASH_SHA256)
Debug.Print "ENC=" & cnvHexStrFromBytes(abEnc)

' 4. Decrypt - we must specify the hash function used to encrypt
nDecLen = RSA_Decrypt(0, 0, abEnc(0), nEncLen, strPriKeyFile, "", "", PKI_EME_OAEP + PKI_HASH_SHA256)
Debug.Print "RSA_Decrypt() returns " & nDecLen
' Allocate memory for byte array
ReDim abDec(nDecLen - 1)
' Decrypt
nDecLen = RSA_Decrypt(abDec(0), nDecLen, abEnc(0), nEncLen, strPriKeyFile, "", "", PKI_EME_OAEP + PKI_HASH_SHA256)
Debug.Print "DEC=" & cnvHexStrFromBytes(abDec)

MSG=6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34
RSA_Encrypt() returns 128 (expecting 128 = 1024 bits)
ENC=354FE67B4A126D5D35FE36C777791A3F7BA13DEF484E2D3908AFF722FAD468FB21696DE95D0BE911C2D3174F8AFCC201035F7B6D8E69402DE5451618C21A535FA9D7BFC5B8DD9FC243F8CF927DB31322D6E881EAA91A996170E657A05A266426D98C88003F8477C1227094A0D9FA1E8C4024309CE1ECCCB5210035D47AC72E8A
OK =354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
RSA_Decrypt() returns 28
DEC=6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34
RSA_Encrypt() returns 128 (expecting 128 = 1024 bits)
ENC=9BF3C801D9C73CD6FDDBF3C80715DD83A076D11BDCC1F73DC3ED7999EB2A4BB18296591E0B574374BC17CFF2EC290BD4730D70C9E1AEFA1D453F64A1C15A4C8ECA4E6CE9E1EF76B9253B6636426A8BC16B65A76BD280AB8DD5DF7607F5EF09D2BCC72CABD2E26608DD17FF80705861A79E11F50DDEA6083A567B4EEA40CAA2C5
RSA_Decrypt() returns 28
DEC=6628194E12073DB03BA94CDA9EF9532397D50DBA79B987004AFEFE34

Example (VBA wrapper function)

Dim strPubKeyFile As String
Dim lpMsg() As Byte
Dim lpEnc() As Byte
Dim strPriKeyFile As String
Dim lpDec() As Byte

' Message to be encrypted:
lpMsg = cnvBytesFromHexStr("6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34")
Debug.Print "MSG=" & cnvHexStrFromBytes(lpMsg)

' Use RSA-OEAP with SHA-256
strPubKeyFile = "rsa-oaep-1.pub"
lpEnc = rsaEncrypt(lpMsg, strPubKeyFile, PKI_EME_OAEP + PKI_HASH_SHA256)
' NB different each time...
Debug.Print "ENC=" & cnvHexStrFromBytes(lpEnc)
strPriKeyFile = "rsa-oaep-1.p8"
lpDec = rsaDecrypt(lpEnc, strPriKeyFile, "", PKI_EME_OAEP + PKI_HASH_SHA256)
Debug.Print "DEC=" & cnvHexStrFromBytes(lpDec)

strPubKeyFile = "rsa-oaep-1.pub"
' Set seed to fixed value for debugging....
lpEnc = rsaEncrypt(lpMsg, strPubKeyFile, PKI_EME_OAEP, "seed=18b776ea21069d69776a33e96bad48e1dda0a5ef")
Debug.Print "ENC=" & cnvHexStrFromBytes(lpEnc)
Debug.Print "OK =354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb" _
    & "21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535f" _
    & "a9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426" _
    & "d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a"
' Decrypt
strPriKeyFile = "rsa-oaep-1.p8"
lpDec = rsaDecrypt(lpEnc, strPriKeyFile, "", PKI_EME_OAEP)
Debug.Print "DEC=" & cnvHexStrFromBytes(lpDec)

See Also

RSA_Decrypt RSA_EncodeMsg RSA_RawPublic

[Contents] [Index]

[PREV: RSA_EncodeMsg...]   [Contents]   [Index]   
   [NEXT: RSA_FromXMLString...]
Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.