161 lines
6.4 KiB
HTML
Executable File
161 lines
6.4 KiB
HTML
Executable File
<?xml version="1.0" ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>RSA_public_encrypt</title>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
<link rev="made" href="mailto:root@localhost" />
|
|
</head>
|
|
|
|
<body style="background-color: white">
|
|
|
|
|
|
<!-- INDEX BEGIN -->
|
|
<div name="index">
|
|
<p><a name="__index__"></a></p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#name">NAME</a></li>
|
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
|
<li><a href="#description">DESCRIPTION</a></li>
|
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
|
<li><a href="#warnings">WARNINGS</a></li>
|
|
<li><a href="#conforming_to">CONFORMING TO</a></li>
|
|
<li><a href="#see_also">SEE ALSO</a></li>
|
|
<li><a href="#history">HISTORY</a></li>
|
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
|
</ul>
|
|
|
|
<hr name="index" />
|
|
</div>
|
|
<!-- INDEX END -->
|
|
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="name">NAME</a></h1>
|
|
<p>RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
|
<pre>
|
|
#include <openssl/rsa.h></pre>
|
|
<p>Deprecated since OpenSSL 3.0, can be hidden entirely by defining
|
|
<strong>OPENSSL_API_COMPAT</strong> with a suitable version value, see
|
|
<em>openssl_user_macros(7)</em>:</p>
|
|
<pre>
|
|
int RSA_public_encrypt(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding);</pre>
|
|
<pre>
|
|
int RSA_private_decrypt(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding);</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="description">DESCRIPTION</a></h1>
|
|
<p>Both of the functions described on this page are deprecated.
|
|
Applications should instead use <em>EVP_PKEY_encrypt_init(3)</em>,
|
|
<em>EVP_PKEY_encrypt(3)</em>, <em>EVP_PKEY_decrypt_init(3)</em> and <em>EVP_PKEY_decrypt(3)</em>.</p>
|
|
<p><code>RSA_public_encrypt()</code> encrypts the <strong>flen</strong> bytes at <strong>from</strong> (usually a
|
|
session key) using the public key <strong>rsa</strong> and stores the ciphertext in
|
|
<strong>to</strong>. <strong>to</strong> must point to RSA_size(<strong>rsa</strong>) bytes of memory.</p>
|
|
<p><strong>padding</strong> denotes one of the following modes:</p>
|
|
<dl>
|
|
<dt><strong><a name="rsa_pkcs1_padding" class="item">RSA_PKCS1_PADDING</a></strong></dt>
|
|
|
|
<dd>
|
|
<p>PKCS #1 v1.5 padding. This currently is the most widely used mode.
|
|
However, it is highly recommended to use RSA_PKCS1_OAEP_PADDING in
|
|
new applications. SEE WARNING BELOW.</p>
|
|
</dd>
|
|
<dt><strong><a name="rsa_pkcs1_oaep_padding" class="item">RSA_PKCS1_OAEP_PADDING</a></strong></dt>
|
|
|
|
<dd>
|
|
<p>EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
|
|
encoding parameter. This mode is recommended for all new applications.</p>
|
|
</dd>
|
|
<dt><strong><a name="rsa_sslv23_padding" class="item">RSA_SSLV23_PADDING</a></strong></dt>
|
|
|
|
<dd>
|
|
<p>PKCS #1 v1.5 padding with an SSL-specific modification that denotes
|
|
that the server is SSL3 capable.</p>
|
|
</dd>
|
|
<dt><strong><a name="rsa_no_padding" class="item">RSA_NO_PADDING</a></strong></dt>
|
|
|
|
<dd>
|
|
<p>Raw RSA encryption. This mode should <em>only</em> be used to implement
|
|
cryptographically sound padding modes in the application code.
|
|
Encrypting user data directly with RSA is insecure.</p>
|
|
</dd>
|
|
</dl>
|
|
<p><strong>flen</strong> must not be more than RSA_size(<strong>rsa</strong>) - 11 for the PKCS #1 v1.5
|
|
based padding modes, not more than RSA_size(<strong>rsa</strong>) - 42 for
|
|
RSA_PKCS1_OAEP_PADDING and exactly RSA_size(<strong>rsa</strong>) for RSA_NO_PADDING.
|
|
When a padding mode other than RSA_NO_PADDING is in use, then
|
|
<code>RSA_public_encrypt()</code> will include some random bytes into the ciphertext
|
|
and therefore the ciphertext will be different each time, even if the
|
|
plaintext and the public key are exactly identical.
|
|
The returned ciphertext in <strong>to</strong> will always be zero padded to exactly
|
|
RSA_size(<strong>rsa</strong>) bytes.
|
|
<strong>to</strong> and <strong>from</strong> may overlap.</p>
|
|
<p><code>RSA_private_decrypt()</code> decrypts the <strong>flen</strong> bytes at <strong>from</strong> using the
|
|
private key <strong>rsa</strong> and stores the plaintext in <strong>to</strong>. <strong>flen</strong> should
|
|
be equal to RSA_size(<strong>rsa</strong>) but may be smaller, when leading zero
|
|
bytes are in the ciphertext. Those are not important and may be removed,
|
|
but <code>RSA_public_encrypt()</code> does not do that. <strong>to</strong> must point
|
|
to a memory section large enough to hold the maximal possible decrypted
|
|
data (which is equal to RSA_size(<strong>rsa</strong>) for RSA_NO_PADDING,
|
|
RSA_size(<strong>rsa</strong>) - 11 for the PKCS #1 v1.5 based padding modes and
|
|
RSA_size(<strong>rsa</strong>) - 42 for RSA_PKCS1_OAEP_PADDING).
|
|
<strong>padding</strong> is the padding mode that was used to encrypt the data.
|
|
<strong>to</strong> and <strong>from</strong> may overlap.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
|
<p><code>RSA_public_encrypt()</code> returns the size of the encrypted data (i.e.,
|
|
RSA_size(<strong>rsa</strong>)). <code>RSA_private_decrypt()</code> returns the size of the
|
|
recovered plaintext. A return value of 0 is not an error and
|
|
means only that the plaintext was empty.</p>
|
|
<p>On error, -1 is returned; the error codes can be
|
|
obtained by <em>ERR_get_error(3)</em>.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="warnings">WARNINGS</a></h1>
|
|
<p>Decryption failures in the RSA_PKCS1_PADDING mode leak information
|
|
which can potentially be used to mount a Bleichenbacher padding oracle
|
|
attack. This is an inherent weakness in the PKCS #1 v1.5 padding
|
|
design. Prefer RSA_PKCS1_OAEP_PADDING.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="conforming_to">CONFORMING TO</a></h1>
|
|
<p>SSL, PKCS #1 v2.0</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
|
<p><em>ERR_get_error(3)</em>, <em>RAND_bytes(3)</em>,
|
|
<em>RSA_size(3)</em></p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="history">HISTORY</a></h1>
|
|
<p>Both of these functions were deprecated in OpenSSL 3.0.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
|
<p>Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.</p>
|
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
|
|
|
</body>
|
|
|
|
</html>
|