AI_RSAPrivate

Algorithm methods to include in application’s algorithm chooser:

AM_RSA_CRT_ENCRYPT or AM_RSA_CRT_ENCRYPT_BLIND for encryption, or AM_RSA_CRT_DECRYPT or AM_RSA_CRT_DECRYPT_BLIND for decryption.

AM_RSA_CRT_ENCRYPT_BLIND and AM_RSA_CRT_DECRYPT_BLIND perform blinding to protect against timing attacks, whereas AM_RSA_CRT_ENCRYPT and AM_RSA_CRT_DECRYPT do not.

Key info types for keyObject in B_EncryptInit or B_DecryptInit:

KI_RSA_CRT, KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER, or KI_RSAPrivateBSAFE1.

Input constraints:

Because this algorithm does not pad, the total number of input bytes must be a multiple of the key’s modulus size in bytes. Also, each modulus-size block of input, interpreted as an integer with the most significant byte first, must be numerically less than the key’s modulus.

Token-based algorithm methods:

AI_RSAPrivate may include the hardware algorithm method

AM_TOKEN_RSA_CRT_ENCRYPT or AM_TOKEN_RSA_CRT_DECRYPT in the algorithm chooser, for use with BHAPI.

Token-based key info types:

When used with one of the hardware algorithm methods described, AI_RSAPrivate should be used with KI_Token or KI_KeypairToken.

C h a p t e r 2 A l g o r i t h m I n f o Ty p e s

211

Page 220 Page 222
Page 221
Image 221
RSA Security 5 manual AIRSAPrivate may include the hardware algorithm method
Page 220 Page 222
Top Page Image Contents