RSA Security manual A p t e r 2 a l g o r i t h m I n f o Ty p e s 155

AI_PKCS_OAEP_RSAPublicBER

mgf1SHA1Identifier ::= AlgorithmIdentifier { id-mgf1, sha1Identifier }

--This identifier means that P is an empty string, so the digest

--of the empty string appears in the RSA block before masking.

pSpecifiedEmptyIdentifier ::= AlgorithmIdentifier { id-pSpecified, OCTET STRING SIZE (0)

}

Format of info supplied to B_GetAlgorithmInfo:

pointer to an ITEM structure that gives the address and length of the DER-encoded algorithm identifier.

Crypto-C procedures to use with algorithm object:

B_EncryptInit, B_EncryptUpdate, and B_EncryptFinal.

B_EncryptFinal requires a valid random number generator as a B_ALGORITHM_OBJ in its randomAlgorithm argument. PKCS #1 v2.0 does not specify the random number generation method. It is recommended that AI_X962Random_V0 or AI_SHA1Random be initialized with enough seed bytes to produce 160 bits of entropy.

You may pass (B_ALGORITHM_OBJ)NULL_PTR for the randomAlgorithm argument in B_EncryptUpdate.

Algorithm methods to include in application's algorithm chooser:

AM_RSA_ENCRYPT.

AM_SHA is required for the default pSource digest function and also for the default MGF underlying digest method.

Key info types for keyObject in B_EncryptInit or B_DecryptInit:

KI_RSAPublic and KI_RSAPublicBER may be used to perform RSA encryption or decryption.

Compatible representation:

AI_PKCS_OAEP_RSAPublic.