159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191SkrisRSA_private_encrypt, RSA_public_decrypt - low level signature operations 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191Skris #include <openssl/rsa.h> 1059191Skris 11325335Sjkim int RSA_private_encrypt(int flen, const unsigned char *from, 1259191Skris unsigned char *to, RSA *rsa, int padding); 1359191Skris 14325335Sjkim int RSA_public_decrypt(int flen, const unsigned char *from, 1559191Skris unsigned char *to, RSA *rsa, int padding); 1659191Skris 1759191Skris=head1 DESCRIPTION 1859191Skris 1959191SkrisThese functions handle RSA signatures at a low level. 2059191Skris 2159191SkrisRSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a 2259191Skrismessage digest with an algorithm identifier) using the private key 2359191SkrisB<rsa> and stores the signature in B<to>. B<to> must point to 2459191SkrisB<RSA_size(rsa)> bytes of memory. 2559191Skris 2659191SkrisB<padding> denotes one of the following modes: 2759191Skris 2859191Skris=over 4 2959191Skris 3059191Skris=item RSA_PKCS1_PADDING 3159191Skris 3259191SkrisPKCS #1 v1.5 padding. This function does not handle the 3359191SkrisB<algorithmIdentifier> specified in PKCS #1. When generating or 3459191Skrisverifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be 3559191Skrisused. 3659191Skris 3759191Skris=item RSA_NO_PADDING 3859191Skris 3959191SkrisRaw RSA signature. This mode should I<only> be used to implement 4059191Skriscryptographically sound padding modes in the application code. 4159191SkrisSigning user data directly with RSA is insecure. 4259191Skris 4359191Skris=back 4459191Skris 4559191SkrisRSA_public_decrypt() recovers the message digest from the B<flen> 4659191Skrisbytes long signature at B<from> using the signer's public key 4759191SkrisB<rsa>. B<to> must point to a memory section large enough to hold the 4859191Skrismessage digest (which is smaller than B<RSA_size(rsa) - 4959191Skris11>). B<padding> is the padding mode that was used to sign the data. 5059191Skris 5159191Skris=head1 RETURN VALUES 5259191Skris 5359191SkrisRSA_private_encrypt() returns the size of the signature (i.e., 5459191SkrisRSA_size(rsa)). RSA_public_decrypt() returns the size of the 5559191Skrisrecovered message digest. 5659191Skris 5759191SkrisOn error, -1 is returned; the error codes can be 5859191Skrisobtained by L<ERR_get_error(3)|ERR_get_error(3)>. 5959191Skris 6059191Skris=head1 SEE ALSO 6159191Skris 62109998SmarkmL<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, 63109998SmarkmL<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> 6459191Skris 6559191Skris=head1 HISTORY 6659191Skris 6759191SkrisThe B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is 6859191Skrisavailable since SSLeay 0.9.0. 6959191Skris 7059191Skris=cut 71