Raw RSA Techniques

The original intention of this Toolkit was to provide a set of primitives to carry out S/MIME operations using relatively high-level functions. However, we get so many questions about using the "raw" RSA functions that we've added this section on techniques.

The functions RSA_RawPublic and RSA_RawPrivate just carry out the basic RSA encryption or decryption operation on a "raw" block of data. The block must be exactly the same length in bytes as the length of the RSA key modulus; it must obey certain mathematical properties (in practice, make sure the first byte is zero); and it should be "padded" in a certain way to improve security and make it easier to pass to other systems (the built-in cryptographic functions in .NET hide this part of the process from you).

Encrypting and signing with RSA

Encryption and signing use the same RSA operations:

• To encrypt, ciphertextblock = RSA(plaintextblock, public-key)
• To decrypt, plaintextblock = RSA(ciphertextblock, private-key)
• To sign, signatureblock = RSA(messageblock, private-key)
• To verify, messageblock' = RSA(signatureblock, public-key).

In practice, there are rules to pad the input data before applying the RSA transformation.

Use the function RSA_EncodeMsg to encode or "pad" the message data you want to encrypt or sign. This uses the rules in [PKCS#1]. Then use the appropriate RSA_Raw function with the public or private RSA key.

To encrypt some data: use Rsa.EncodeMsgForEncryption with either the Rsa.EME.PKCSv1_5 option or the Rsa.EME.OAEP option, followed by Rsa.RawPublic. The length of the data you can encrypt is limited by the size of the RSA key modulus. This is typically used to encrypt a session key. The data is padded with random bytes before encryption, so the result is always different.

To sign some data: use Rsa.EncodeMsgForSignature followed by Rsa.RawPrivate. The length of the data to be signed is effectively unlimited (well, with some very large limit) because EncodeMsg creates a message digest of the data. If your data-to-be-signed is short enough, it is possible to avoid the EncodeMsg step and construct a block to be signed containing the original data (Hint: make sure the first byte is zero).

More convenient and secure alternatives

Use the functions RSA_Encrypt and RSA_Decrypt to carry out RSA encryption and decryption more conveniently and securely in one step. In .NET use the Rsa.Encrypt and Rsa.Decrypt methods. To sign data in one step, use SIG_SignData (Sig.SignData Method). To verify a signature, use SIG_VerifyData (Sig.VerifyData Method).

[Contents] [Index]