=pod

=head1 NAME

RSA_private_encrypt, RSA_public_decrypt - low-level signature operations

=head1 SYNOPSIS

 #include <openssl/rsa.h>

 int RSA_private_encrypt(int flen, unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding);

 int RSA_public_decrypt(int flen, unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding);

=head1 DESCRIPTION

These functions handle RSA signatures at a low level.

RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
message digest with an algorithm identifier) using the private key
B<rsa> and stores the signature in B<to>. B<to> must point to
B<RSA_size(rsa)> bytes of memory.

B<padding> denotes one of the following modes:

=over 4

=item RSA_PKCS1_PADDING

PKCS #1 v1.5 padding. This function does not handle the
B<algorithmIdentifier> specified in PKCS #1. When generating or
verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be
used.

=item RSA_NO_PADDING

Raw RSA signature. This mode should I<only> be used to implement
cryptographically sound padding modes in the application code.
Signing user data directly with RSA is insecure.

=back

RSA_public_decrypt() recovers the message digest from the B<flen>
bytes long signature at B<from> using the signer's public key
B<rsa>. B<to> must point to a memory section large enough to hold the
message digest (which is smaller than B<RSA_size(rsa) - 11>).
B<padding> is the padding mode that was used to sign the data.

=head1 RETURN VALUES

RSA_private_encrypt() returns the size of the signature (i.e.,
RSA_size(rsa)). RSA_public_decrypt() returns the size of the
recovered message digest.

On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)>.

=head1 SEE ALSO

L<ERR_get_error(3)>,
L<RSA_sign(3)>, L<RSA_verify(3)>

=head1 COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
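
The RSA_PKCS1_PADDING mode and the 11-byte figure in the DESCRIPTION come from the PKCS #1 v1.5 type 1 block layout: 00 01, a run of at least eight FF bytes, 00, then the data. The following is an added example, not OpenSSL code and not part of the original manual page; it performs no RSA operation, and the names pkcs1_type1_pad, pkcs1_type1_unpad and pkcs1_roundtrip are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define PKCS1_OVERHEAD 11   /* 00 01 | at least eight FF | 00 */

/* Build EM = 00 01 FF..FF 00 || data in a k-byte block (k = modulus size
 * in bytes). Returns k, or -1 when data exceeds k - 11 bytes. */
int pkcs1_type1_pad(unsigned char *em, size_t k,
                    const unsigned char *data, size_t dlen)
{
    if (k < PKCS1_OVERHEAD || dlen > k - PKCS1_OVERHEAD)
        return -1;
    size_t ps = k - 3 - dlen;           /* FF run length, always >= 8 */
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xFF, ps);
    em[2 + ps] = 0x00;
    memcpy(em + 3 + ps, data, dlen);
    return (int)k;
}

/* Strict parse of a k-byte type 1 block: copies the payload to out and
 * returns its length, or -1 on any deviation. No algorithmIdentifier check. */
int pkcs1_type1_unpad(unsigned char *out, size_t outcap,
                      const unsigned char *em, size_t k)
{
    if (k < PKCS1_OVERHEAD || em[0] != 0x00 || em[1] != 0x01)
        return -1;
    size_t i = 2;
    while (i < k && em[i] == 0xFF) i++;
    /* reject: no 00 separator, short FF run, or payload too big for out */
    if (i == k || em[i] != 0x00 || i - 2 < 8 || k - i - 1 > outcap)
        return -1;
    i++;                                /* step over the separator */
    memcpy(out, em + i, k - i);
    return (int)(k - i);
}

/* Constructed self-check: pad dlen sample bytes into a k-byte block, flip a
 * bit at corrupt_at (negative = none). Returns the recovered length, or -1
 * if the padding is rejected or the payload no longer matches. */
int pkcs1_roundtrip(size_t k, size_t dlen, int corrupt_at)
{
    unsigned char em[256], in[256], out[256];
    memset(in, 0xAB, sizeof in);
    if (k > sizeof em || dlen > sizeof in || pkcs1_type1_pad(em, k, in, dlen) < 0)
        return -1;
    if (corrupt_at >= 0 && (size_t)corrupt_at < k)
        em[corrupt_at] ^= 0x01;
    int n = pkcs1_type1_unpad(out, sizeof out, em, k);
    return (n >= 0 && memcmp(in, out, (size_t)n) != 0) ? -1 : n;
}
```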