=pod

=head1 NAME

RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography

=head1 SYNOPSIS

 #include <openssl/rsa.h>

 int RSA_public_encrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);

 int RSA_private_decrypt(int flen, unsigned char *from,
    unsigned char *to, RSA *rsa, int padding);

=head1 DESCRIPTION

RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
session key) using the public key B<rsa> and stores the ciphertext in
B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.

B<padding> denotes one of the following modes:

=over 4

=item RSA_PKCS1_PADDING

PKCS #1 v1.5 padding. This currently is the most widely used mode.

=item RSA_PKCS1_OAEP_PADDING

EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
encoding parameter. This mode is recommended for all new applications.

=item RSA_SSLV23_PADDING

PKCS #1 v1.5 padding with an SSL-specific modification that denotes
that the server is SSL3 capable.

=item RSA_NO_PADDING

Raw RSA encryption. This mode should I<only> be used to implement
cryptographically sound padding modes in the application code.
Encrypting user data directly with RSA is insecure.

=back

B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
based padding modes, less than RSA_size(B<rsa>) - 41 for
RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
The random number generator must be seeded prior to calling
RSA_public_encrypt().

RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
private key B<rsa> and stores the plaintext in B<to>. B<to> must point
to a memory section large enough to hold the decrypted data (which is
smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
was used to encrypt the data.

=head1 RETURN VALUES

RSA_public_encrypt() returns the size of the encrypted data (i.e.,
RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
recovered plaintext.

On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)>.

=head1 CONFORMING TO

SSL, PKCS #1 v2.0

=head1 SEE ALSO

L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
L<RSA_size(3)|RSA_size(3)>

=head1 HISTORY

The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.

=cut
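Where the 11 bytes of the PKCS #1 v1.5 length limit go, and why encryption needs a seeded random number generator, shown as an added example that is not part of the original manual page or OpenSSL's own code: it builds and parses the padded block that RSA_PKCS1_PADDING places in front of the message before the RSA operation. The names pkcs1_v15_pad and pkcs1_v15_unpad are hypothetical, rsa_size stands in for RSA_size(rsa), and /dev/urandom stands in for the library's random number generator.

```c
#include <stdio.h>
#include <string.h>

/* Block layout: 00 | 02 | PS (>= 8 random non-zero bytes) | 00 | message */
#define PKCS1_V15_OVERHEAD 11

/* Pad flen bytes into to[0..rsa_size-1]; rsa_size plays the role of
 * RSA_size(rsa). Returns rsa_size, or -1 on error. */
int pkcs1_v15_pad(unsigned char *to, int rsa_size,
                  const unsigned char *from, int flen)
{
    /* Length bound as this page states it: flen < RSA_size - 11. */
    if (flen < 0 || flen >= rsa_size - PKCS1_V15_OVERHEAD)
        return -1;
    int ps_len = rsa_size - 3 - flen;
    FILE *rng = fopen("/dev/urandom", "rb");  /* assumption: stand-in RNG */
    if (rng == NULL)
        return -1;
    to[0] = 0x00;
    to[1] = 0x02;
    for (int i = 0; i < ps_len; ) {           /* redraw zero bytes */
        int c = fgetc(rng);
        if (c == EOF) { fclose(rng); return -1; }
        if (c != 0)
            to[2 + i++] = (unsigned char)c;
    }
    fclose(rng);
    to[2 + ps_len] = 0x00;                    /* separator before message */
    memcpy(to + 3 + ps_len, from, (size_t)flen);
    return rsa_size;
}

/* Parse a padded block, copy the message to `to`, return its length or -1.
 * Not constant-time; it shows the layout only. */
int pkcs1_v15_unpad(unsigned char *to, const unsigned char *em, int rsa_size)
{
    if (rsa_size < PKCS1_V15_OVERHEAD || em[0] != 0x00 || em[1] != 0x02)
        return -1;
    int i = 2;
    while (i < rsa_size && em[i] != 0x00)
        i++;
    if (i == rsa_size || i - 2 < 8)           /* no separator or short PS */
        return -1;
    int mlen = rsa_size - i - 1;
    memcpy(to, em + i + 1, (size_t)mlen);
    return mlen;
}
```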