RSA Security 5.2.2 Projection Television User Manual


 
Chapter 7 Public-Key Operations 227
MultiPrime
info to B_SetAlgorithmInfo as NULL_PTR:

    /* AI_PKCS_RSAPublic takes no info, so pass NULL_PTR */
    if ((status = B_SetAlgorithmInfo
         (rsaEncryptor, AI_PKCS_RSAPublic, NULL_PTR)) != 0)
      break;

Step 3: Init
You will encrypt using the recipient's RSA public key. Normally, you would obtain
the public key from the recipient or a certificate service. For this exercise, though, you
will simply use the public key you generated in "Generating a Key Pair" on page 214.
B_EncryptInit is quick, so you are safe in passing NULL_PTR as the surrender context:

    /* No surrender context is needed because B_EncryptInit returns quickly */
    if ((status = B_EncryptInit
         (rsaEncryptor, publicKey, RSA_SAMPLE_CHOOSER,
          (A_SURRENDER_CTX *)NULL_PTR)) != 0)
      break;

Block 02 padding will be used because we are performing a public-key encryption
operation, as specified in PKCS #1 v1.5.

Step 4: Update
The Reference Manual Chapter 2 entry on AI_PKCS_RSAPublic states:

    Input constraints:
    The total number of bytes to encrypt may not be more than k − 11, where k is the
    key's modulus size in bytes.

For this example, the key's size in bits is 512, which is 64 bytes. So you cannot pass
more than 53 bytes. If you were encrypting more than 53 bytes, you could not use
AI_PKCS_RSAPublic. If you had more than 53 bytes to encrypt and tried to break it up
into smaller units, calling B_EncryptUpdate for each unit, it would not work. That is
because PKCS RSA encryption adds padding, and the padding scheme needs at least
11 spare bytes to work. It is intended for digital envelopes and digital signatures, and
in those situations, the number of bytes to encrypt is usually eight, 16, or (for
BER-encoded digests) 34 or 35. If you want to encrypt larger amounts of data using the
RSA algorithm, you must use AI_RSAPublic, also known as raw RSA encryption and
decryption. See "Raw RSA Encryption and Decryption" on page 231 for more
information.
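
The block type 02 layout behind the k − 11 limit, shown as an added example (it is not code from the Crypto-C manual or library): the 11 bytes are the 00 02 header, at least eight nonzero random pad bytes, and a 00 separator. The function names and the use of /dev/urandom as the random source are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PKCS1_OVERHEAD 11 /* 00 | 02 | at least 8 nonzero pad bytes | 00 */

/* Largest input a k-byte modulus accepts under block type 02. */
size_t pkcs1_max_input(size_t k)
{
    return k >= PKCS1_OVERHEAD ? k - PKCS1_OVERHEAD : 0;
}

/* Fill buf with len nonzero random bytes (assumed source: /dev/urandom). */
static int nonzero_random(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t i = 0;
    int c;
    if (f == NULL)
        return -1;
    while (i < len) {
        if ((c = fgetc(f)) == EOF) { fclose(f); return -1; }
        if (c != 0)              /* a zero byte would end the padding early */
            buf[i++] = (unsigned char)c;
    }
    fclose(f);
    return 0;
}

/* Build the k-byte block 00 | 02 | PS | 00 | msg that RSA then encrypts.
   Returns 0 on success, -1 if msg exceeds k - 11 or randomness fails. */
int pkcs1_type2_block(unsigned char *em, size_t k,
                      const unsigned char *msg, size_t msg_len)
{
    size_t ps_len;
    if (k < PKCS1_OVERHEAD || msg_len > k - PKCS1_OVERHEAD)
        return -1;               /* e.g. 54 bytes with a 64-byte modulus */
    ps_len = k - msg_len - 3;    /* always >= 8 after the check above */
    em[0] = 0x00;
    em[1] = 0x02;
    if (nonzero_random(em + 2, ps_len) != 0)
        return -1;
    em[2 + ps_len] = 0x00;       /* separator between padding and data */
    if (msg_len > 0)
        memcpy(em + 3 + ps_len, msg, msg_len);
    return 0;
}
```

Every call produces one complete padded block, so a 54-byte input is rejected outright instead of being spread over several updates.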