AI_SHA1WithRSAEncryptionBER

Algorithm methods to include in application’s algorithm chooser:

AM_MD2, and AM_RSA_CRT_ENCRYPT, AM_RSA_CRT_ENCRYPT_BLIND, or AM_RSA_ENCRYPT,

for signature creation; and AM_RSA_DECRYPT for signature verification.

AM_RSA_CRT_ENCRYPT_BLIND performs blinding to protect against timing attacks, whereas AM_RSA_CRT_ENCRYPT does not.

Key info types for keyObject in B_SignInit:

KI_RSA_CRT, KI_PKCS_RSAPrivate, KI_PKCS_RSAPrivateBER, KI_RSAPrivate or KI_RSAPrivateBSAFE1. Unless you use KI_RSA_CRT for your KI, you must include AM_RSA_ENCRYPT in your application’s algorithm chooser.

Key info types for keyObject in B_VerifyInit:

KI_RSAPublic, KI_RSAPublicBER, or KI_RSAPublicBSAFE1.

Compatible representation:

AI_SHA1WithRSAEncryption.

Output considerations:

The signature result of B_SignFinal will be the same size as the RSA key’s modulus.

Notes:

Although the RSA signature operation is called “encryption” and the verification operation is called “decryption”, the signer uses the digest and the private key and follows the steps needed to decrypt, while the verifier uses the transmitted digest and the public key and follows the steps needed to encrypt.

C h a p t e r 2 A l g o r i t h m I n f o Ty p e s

235

Page 245
Image 245
RSA Security manual A p t e r 2 a l g o r i t h m I n f o Ty p e s 235