AM_RSA_CRT_DECRYPT
AM_RSA_CRT_ENCRYPT_BLIND

AI_PKCS_RSAPrivatePEM

Algorithm methods to include in application’s algorithm chooser:

AM_RSA_CRT_ENCRYPT or AM_RSA_CRT_ENCRYPT_BLIND for encryption, or AM_RSA_CRT_DECRYPT or AM_RSA_CRT_DECRYPT_BLIND for decryption.

and AM_RSA_CRT_DECRYPT_BLIND perform blinding to

protect against timing attacks, whereas AM_RSA_CRT_ENCRYPT and do not.

Key info types for keyObject in B_EncryptInit or B_DecryptInit:

KI_RSA_CRT, KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER or KI_RSAPrivateBSAFE1.

Compatible representation:

AI_PKCS_RSAPrivate, AI_PKCS_RSAPrivateBER.

Input constraints:

The total number of bytes to encrypt may not be more than k – 11, where k is the keys modulus size in bytes.

Output considerations:

The output of encryption will be the same size as the key’s modulus.

C h a p t e r 2 A l g o r i t h m I n f o Ty p e s

171

Page 181
Image 181
RSA Security 5 manual A p t e r 2 a l g o r i t h m I n f o Ty p e s 171