Re: Need RSA Encryption for bulk data

Eric Young (eay@cryptsoft.com)
Wed, 17 Jun 1998 11:23:51 +1000 (EST)

• Next message: jcaldwel@iquest.net: "Enigma 7"
• Previous message: Simon R Knight: "Locking physical memory (RAM) under Windows"
• Next in thread: jcaldwel@iquest.net: "Re: Need RSA Encryption for bulk data"

On Tue, 16 Jun 1998, Teh Kao Yang wrote:
> THanks for the reply. Yes I understand that most of the time you
> encrypt with a symmetric session key.. but I guess I didn't really
> state my problem clearly enough.. what I really needed was to be able
> to sign some data with a RSA private key. Now I've been able to find
> libraries that, given some data, will hash the data and then sign
> the hash. The thing this, I couldn't find any thing that will just
> do the signing and not the hashing as well. For example RSAREF does
> provide hashing+signing composite functions... what I need is just
> the signing/encrypting part... I already have a hashed value available.
> I tried the Microsoft Crypto API, and that had a function that sort of
> does this, because you can provide a pre-hashed data for it to sign... but
> the problem is, it only accepts pre-hashed data in 16, 20 , or 30 byte
> lengths (I guess corresponding to MD5, and SHA). It will not sign an
> arbritraly length of data.

Ok, using SSLeay 0.9.0,
Assuming you have loaded the RSA key into the RSA structure,
you can use

int RSA_public_encrypt(int flen, unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
int RSA_private_encrypt(int flen, unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
int RSA_public_decrypt(int flen, unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);

flen is the length of the input,
from is the input (raw data bytes)
to is the desination which must be RSA_size(rsa).
rsa is the public/private key (they reside in the same structure).
and padding can be one of
        RSA_PKCS1_PADDING - pkcs#1 padding, 11 bytes
        RSA_SSLV23_PADDING - The modified pkcs#11 for SSLv2/3
        RSA_NO_PADDING - raw RSA.
When using RSA_NO_PADDING the decrypt/encrypt does not mean very much.
The return value is -1 on error, otherwise the number of bytes written
to 'to'.

eric

• Next message: jcaldwel@iquest.net: "Enigma 7"
• Previous message: Simon R Knight: "Locking physical memory (RAM) under Windows"
• Next in thread: jcaldwel@iquest.net: "Re: Need RSA Encryption for bulk data"