MultiPrime
230 RSA BSAFE Crypto-C Developer’s Guide
Step 3: Init
To decrypt, you must use the RSA private key that is associated with the public key
that was used to encrypt, which would be the key you generated in “Generating a Key
Pair” on page 214.
B_DecryptInit is quick, so you are safe in passing NULL_PTR as the
surrender context.
Step 4: Update
When you encrypted, there were certain constraints on the size of the input data to
B_EncryptUpdate. The only constraint on the data passed to B_DecryptUpdate is that it
be numerically less than the modulus. If the data you are decrypting was encrypted
using RSA encryption, the data will be numerically less than the modulus.
The encryption process padded the original data, so, while the encrypted data is 64
bytes, the decrypted data will be less than 64 bytes, however, you do not know how
much less. For simplicity, make the decrypted data buffer 64 bytes large. Presumably,
the encrypter added
outputLenUpdate and outputLenFinal from the encryption to
get the total number of bytes of encrypted data. The Reference Manual Chapter 2 entry
on
AI_PKCS_RSAPrivate indicates you may pass a properly cast NULL_PTR for
randomAlgorithm
arguments.
Although RSA decryption is not as slow as key pair generation, you will not see an
immediate response. Use the surrender context shown in Step 3: Init, above, so you
know the program is running and has not frozen:
if ((status = B_DecryptInit
(rsaDecryptor, privateKey, RSA_SAMPLE_CHOOSER,
(A_SURRENDER_CTX *)NULL_PTR)) != 0)
break;
#define BLOCK_SIZE 64
unsigned char decryptedData[BLOCK_SIZE];
unsigned int outputLenTotal;
unsigned int outputLenUpdate;
/* where outputLenTotal is the sum of the encryption’s
outputLenUpdate and outputLenFinal. The encrypter should
send this information along with the encrypted data. */
