MultiPrime
232 RSA BSAFE Crypto-C Developer’s Guide
encrypt is usually 8, 16, or (for BER-encoded digests) 34 or 35. If you want to encrypt
and decrypt more than k – 11 bytes, use raw RSA encryption and decryption.
Note: In general, there should be no need for raw RSA encryption or decryption.
For most applications, if you have a longer message, it is faster and simpler to
encrypt the message with a symmetric algorithm and then use the RSA
algorithm to encrypt the key. (See “Digital Envelopes” on page 55.)
If you do use raw RSA encryption and decryption, your application must be
responsible for adding and removing the necessary padding. We do not
recommend using raw RSA encryption and decryption, unless you are
familiar with the issues involved.
To encrypt more bytes than the PKCS AIs allow, use
AI_RSAPublic for encryption and
and
AI_RSAPrivate for decryption. Note that this is different from the recommended
use for these AIs, as described in the Reference Manual. There are two important
constraints to consider when using these AIs:
• The total length of the data must be a multiple of the modulus size.
If your data’s length is not a multiple of the modulus size, your application must
do the padding. When decrypting with raw RSA encryption and decryption,
Crypto-C will not strip the padding; the application must do that.
• The data must be numerically less than the modulus.
To do this, divide your data into blocks that are one byte smaller than the
modulus. Prepend one byte of 0 to each block. If the leading byte of the data is 0,
your data will meet this second constraint.
For example, suppose you wanted to encrypt 100 bytes with the RSA algorithm
using a 512-bit modulus. You break the data into two blocks, the first one 63 bytes,
the second 37. Next, prepend a 0 byte to the first block and it is now 64 bytes (512
bits). Then, prepend a 0 byte and append 26 pad bytes to the second block and it,
too is now 64 bytes. Finally, call
B_EncryptUpdate for each of the two blocks, then
B_EncryptFinal. This will produce 128 bytes of encrypted data.
When decrypting, first call
B_DecryptUpdate once for all 128 bytes; then
B_DecryptFinal. The application will have to then strip the prepended zeroes and
the padding. You could also break the encrypted data into 64-byte blocks and call
B_DecryptUpdate for each block and strip the padding then.
Some padding procedures are recommended; others are discouraged. For a
description of one particular trusted padding system, see PKCS V1 [1].
