RSA Encryption Schemes
From Crypto++ Wiki
For the main RSA page, visit RSA Cryptography. For signature schemes, visit RSA Signature Schemes.
Contents |
Remarks
Plaintext Length
The maximum length of a plaintext string that can be encrypted with RSA can be determined by FixedMaxPlaintextLength. On error, FixedMaxPlaintextLength returns 0. The value returned by FixedMaxPlaintextLength is directly related to the modulus size n.
Ciphertext Length
The length of the resulting ciphertext can be determined by FixedCiphertextLength. On error, FixedCiphertextLength returns 0. The value returned by FixedCiphertextLength is directly related to the modulus size n.
Buffers
When encrypting and decrypting using Crypto++, the plaintext and ciphertext buffers can be the same. This effectively means in-place encryption and decryption can be performed. However, always make sure the buffer is large enough to hold the encrypted data (which will be larger than the plaintext). If the buffers are not the same, the buffers must not overlap. Finally, both CiphertextLength and MaxPlaintextLength return 0 on error.
// Encrypt
size_t cipherTextSize = publicKey.CiphertextLength( plainTextSize );
assert( 0 != cipherTextSize );
assert( plainTextSize >= cipherTextSize );
publicKey.Encrypt(rnd, (byte*)plainText, plainTextSize, (byte*)plainText);
...
// Decrypt
size_t plainTextSize = privateKey.MaxPlaintextLength( cipherTextSize );
assert( 0 != plainTextSize );
assert( cipherTextSize >= plainTextSize );
DecodingResult result = privateKey.Decrypt(rnd, (byte*)plainText,
cipherTextSize, (byte*)plainText);
assert( plainTextSize == result.messageLength );
Sample Programs
RSA Encryption Scheme (OAEP and SHA)
The following code demonstrates RSA encryption using OAEP. SHA is used to generate the padding bits and mask the input (see OAEP_Base::Pad).
////////////////////////////////////////////////
// Generate keys
AutoSeededRandomPool rng;
InvertibleRSAFunction parameters;
parameters.GenerateRandomWithKeySize( rng, 1536 );
RSA::PrivateKey privateKey( parameters );
RSA::PublicKey publicKey( parameters );
////////////////////////////////////////////////
// Secret to protect
static const int SECRET_SIZE = 16;
SecByteBlock plaintext( SECRET_SIZE );
memset( plaintext, 'A', SECRET_SIZE );
////////////////////////////////////////////////
// Encrypt
RSAES_OAEP_SHA_Encryptor encryptor( publicKey );
// Now that there is a concrete object, we can validate
assert( 0 != encryptor.FixedMaxPlaintextLength() );
assert( plaintext.size() <= encryptor.FixedMaxPlaintextLength() );
// Create cipher text space
size_t ecl = encryptor.CiphertextLength( plaintext.size() );
assert( 0 != ecl );
SecByteBlock ciphertext( ecl );
encryptor.Encrypt( rng, plaintext, plaintext.size(), ciphertext );
////////////////////////////////////////////////
// Decrypt
RSAES_OAEP_SHA_Decryptor decryptor( privateKey );
// Now that there is a concrete object, we can check sizes
assert( 0 != decryptor.FixedCiphertextLength() );
assert( ciphertext.size() <= decryptor.FixedCiphertextLength() );
// Create recovered text space
size_t dpl = decryptor.MaxPlaintextLength( ciphertext.size() );
assert( 0 != dpl );
SecByteBlock recovered( dpl );
DecodingResult result = decryptor.Decrypt( rng,
ciphertext, ciphertext.size(), recovered );
// More sanity checks
assert( result.isValidCoding );
assert( result.messageLength <=
decryptor.MaxPlaintextLength( ciphertext.size() ) );
// At this point, we can set the size of the recovered
// data. Until decryption occurs (successfully), we
// only know its maximum size
recovered.resize( result.messageLength );
// SecByteBlock is overloaded for proper results below
assert( plaintext == recovered );
cout << "Recovered plain text" << endl;
RSA Encryption Scheme (OAEP and SHA) using Filters
Using Crypto++ pipelining, the previous program can be reduced to the following.
////////////////////////////////////////////////
// Generate keys
AutoSeededRandomPool rng;
InvertibleRSAFunction params;
params.GenerateRandomWithKeySize( rng, 1536 );
RSA::PrivateKey privateKey( params );
RSA::PublicKey publicKey( params );
string plain="RSA Encryption", cipher, recovered;
////////////////////////////////////////////////
// Encryption
RSAES_OAEP_SHA_Encryptor e( publicKey );
StringSource( plain, true,
new PK_EncryptorFilter( rng, e,
new StringSink( cipher )
) // PK_EncryptorFilter
); // StringSource
////////////////////////////////////////////////
// Decryption
RSAES_OAEP_SHA_Decryptor d( privateKey );
StringSource( cipher, true,
new PK_DecryptorFilter( rng, d,
new StringSink( recovered )
) // PK_DecryptorFilter
); // StringSource
assert( plain == recovered );
Downloads
RSA-ES-OAEP-SHA-Test.zip - Demonstrates RSA-ES (OAEP/SHA) - 5KB
RSA-ES-OAEP-SHA-Filter-Test.zip - Demonstrates RSA-ES (OAEP/SHA) using Filters - 5KB
