16 RSA BSAFE Crypto-C Library Reference Manual
Figure 2-1 Sample Algorithm Type
AI_PKCS_RSAPrivate
Purpose:
This AI allows you to decrypt data using the RSA public-key algorithm with
the OAEP padding scheme defined in PKCS #1 v2.0.
Type of information this allows you to use:
the RSA algorithm for performing private key encryption as defined in
PKCS #1. When encrypting, this algorithm encodes the data according to
block type 01. When decrypting, this algorithm decodes the data from a
block type 02.
Format of info supplied to B_SetAlgorithmInfo:
NULL_PTR
.
Format of info returned by B_GetAlgorithmInfo:
NULL_PTR
.
Crypto-C procedures to use with algorithm object:
B_EncryptInit
,
B_EncryptUpdate
,
B_EncryptFinal
, and
B_DecryptInit
,
B_DecryptUpdate
, and
B_DecryptFinal
. You may pass
(
B_ALGORITHM_OBJ
)
NULL_PTR
for all
randomAlgorithm
arguments.
Algorithm methods to include in application’s algorithm chooser:
AM_RSA_CRT_ENCRYPT
or
AM_RSA_CRT_ENCRYPT_BLIND
for encrypting, or
AM_RSA_CRT_DECRYPT
or
AM_RSA_CRT_DECRYPT_BLIND
for decrypting.
AM_RSA_CRT_ENCRYPT_BLIND
and
AM_RSA_CRT_DECRYPT_BLIND
will perform
blinding to protect against timing attacks and
AM_RSA_CRT_ENCRYPT
and
AM_RSA_CRT_DECRYPT
will not.
Key info types for keyObject in B_EncryptInit or B_DecryptInit:
KI_RSA_CRT
,
KI_PKCS_RSAPrivate
,
KI_PKCS_RSAPrivateBER
or
KI_RSAPrivateBSAFE1
.
Compatible representation:
AI_PKCS_RSAPrivateBER
,
AI_PKCS_RSAPrivatePEM
.
Input constraints:
The total number of bytes to encrypt may not be more than
k –
11, where
k
is
the key’s modulus size in bytes.
Output considerations:
The output of encryption will be the same size as the key’s modulus.
Type of information this
allows you to use:
Describes the type of
algorithm and parameters
you can use with the
algorithm info type
Format of info supplied to
B_SetAlgorithmInfo:
Describes the exact format for
supplying the algorithm
parameters to
B_SetAlgorithmInfo. Some
algorithms, such as AI_RC4, do
not have parameters; in this
case, this entry will specify
NULL_PTR.
Crypto-C procedures to use
with algorithm object:
Describes which Crypto-C
procedures to use. Most
algorithms employ Init, Update,
and Final steps. For example,
AI_MD5, an MD5 message
algorithm, uses B_DigestInit,
B_DigestUpdate, and
B_DigestFinal.
Algorithm methods to
include in application’s
algorithm chooser:
Describes which algorithm
methods can be used in your
algorithm chooser.
Compatible representation:
Some algorithms have multiple
representations for the
algorithm parameters: for
example, Crypto-C’s own
format and BER-encoded
format. In this case, the
underlying algorithm is the
same, but the parameter
representation is different.
These are called “compatible
representations”.
Input constraints:
Describes any constraints on
the total number of input bytes
passed to the update
procedure.
Key info types for
keyObject:
For algorithms which need a
key object, such as encryption
and signature algorithms,
describes which KI key info
type to use when setting the
key object.
Output considerations:
Describes how much space
will be required for output
buffers. For those AIs without
this category, the output buffer
should be the same size as the
input buffer.
Format of info returned by
B_GetAlgorithmInfo:
Describes the exact format
that B_GetAlgorithmInfo
returns for the algorithm
parameters. This is generally a
“cleaned up” version of the
format supplied to
B_SetAlgorithmInfo. For
example, B_GetAlgorithmInfo
with AI_RSAKeyGen returns
the public exponent with the
leading zeros stripped off.
Purpose:
Describes the AI, what it is
for, what it does, and how it
relates to similar AIs.
