Chapter 2 Algorithm Info Types 169
AI_PKCS_RSAPrivateBER
Algorithm methods to include in application’s algorithm chooser:
AM_RSA_CRT_ENCRYPT or AM_RSA_CRT_ENCRYPT_BLIND for encryption, or
AM_RSA_CRT_DECRYPT or AM_RSA_CRT_DECRYPT_BLIND for decryption.
AM_RSA_CRT_ENCRYPT_BLIND and AM_RSA_CRT_DECRYPT_BLIND perform blinding to
protect against timing attacks, whereas
AM_RSA_CRT_ENCRYPT and
AM_RSA_CRT_DECRYPT do not.
Key info types for keyObjec t in B_EncryptInit or B_DecryptInit:
KI_RSA_CRT, KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER, or KI_RSAPrivateBSAFE1.
Compatible representation:
AI_PKCS_RSAPrivate, AI_PKCS_RSAPrivatePEM.
Input constraints:
The total number of bytes to encrypt may not be more than
k – 11
, where
k
is the key’s
modulus size in bytes.
Output considerations:
The output of encryption will be the same size as the key’s modulus.
