1*2175Sjp161948=pod
2*2175Sjp161948
3*2175Sjp161948=head1 NAME
4*2175Sjp161948
5*2175Sjp161948RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
6*2175Sjp161948
7*2175Sjp161948=head1 SYNOPSIS
8*2175Sjp161948
9*2175Sjp161948 #include <openssl/rsa.h>
10*2175Sjp161948
11*2175Sjp161948 int RSA_public_encrypt(int flen, unsigned char *from,
12*2175Sjp161948    unsigned char *to, RSA *rsa, int padding);
13*2175Sjp161948
14*2175Sjp161948 int RSA_private_decrypt(int flen, unsigned char *from,
15*2175Sjp161948     unsigned char *to, RSA *rsa, int padding);
16*2175Sjp161948
17*2175Sjp161948=head1 DESCRIPTION
18*2175Sjp161948
19*2175Sjp161948RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
20*2175Sjp161948session key) using the public key B<rsa> and stores the ciphertext in
21*2175Sjp161948B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
22*2175Sjp161948
23*2175Sjp161948B<padding> denotes one of the following modes:
24*2175Sjp161948
25*2175Sjp161948=over 4
26*2175Sjp161948
27*2175Sjp161948=item RSA_PKCS1_PADDING
28*2175Sjp161948
29*2175Sjp161948PKCS #1 v1.5 padding. This currently is the most widely used mode.
30*2175Sjp161948
31*2175Sjp161948=item RSA_PKCS1_OAEP_PADDING
32*2175Sjp161948
33*2175Sjp161948EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
34*2175Sjp161948encoding parameter. This mode is recommended for all new applications.
35*2175Sjp161948
36*2175Sjp161948=item RSA_SSLV23_PADDING
37*2175Sjp161948
38*2175Sjp161948PKCS #1 v1.5 padding with an SSL-specific modification that denotes
39*2175Sjp161948that the server is SSL3 capable.
40*2175Sjp161948
41*2175Sjp161948=item RSA_NO_PADDING
42*2175Sjp161948
43*2175Sjp161948Raw RSA encryption. This mode should I<only> be used to implement
44*2175Sjp161948cryptographically sound padding modes in the application code.
45*2175Sjp161948Encrypting user data directly with RSA is insecure.
46*2175Sjp161948
47*2175Sjp161948=back
48*2175Sjp161948
49*2175Sjp161948B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
50*2175Sjp161948based padding modes, less than RSA_size(B<rsa>) - 41 for
51*2175Sjp161948RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
52*2175Sjp161948The random number generator must be seeded prior to calling
53*2175Sjp161948RSA_public_encrypt().
54*2175Sjp161948
55*2175Sjp161948RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
56*2175Sjp161948private key B<rsa> and stores the plaintext in B<to>. B<to> must point
57*2175Sjp161948to a memory section large enough to hold the decrypted data (which is
58*2175Sjp161948smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
59*2175Sjp161948was used to encrypt the data.
60*2175Sjp161948
61*2175Sjp161948=head1 RETURN VALUES
62*2175Sjp161948
63*2175Sjp161948RSA_public_encrypt() returns the size of the encrypted data (i.e.,
64*2175Sjp161948RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
65*2175Sjp161948recovered plaintext.
66*2175Sjp161948
67*2175Sjp161948On error, -1 is returned; the error codes can be
68*2175Sjp161948obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
69*2175Sjp161948
70*2175Sjp161948=head1 CONFORMING TO
71*2175Sjp161948
72*2175Sjp161948SSL, PKCS #1 v2.0
73*2175Sjp161948
74*2175Sjp161948=head1 SEE ALSO
75*2175Sjp161948
76*2175Sjp161948L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
77*2175Sjp161948L<RSA_size(3)|RSA_size(3)>
78*2175Sjp161948
79*2175Sjp161948=head1 HISTORY
80*2175Sjp161948
81*2175Sjp161948The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
82*2175Sjp161948available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
83*2175Sjp161948
84*2175Sjp161948=cut
85