[thirdparty/openssl.git] / doc / man3 / RSA_private_encrypt.pod

=pod

=head1 NAME

RSA_private_encrypt, RSA_public_decrypt - low level signature operations

=head1 SYNOPSIS

 #include <openssl/rsa.h>

Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:

 int RSA_private_encrypt(int flen, unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding);

 int RSA_public_decrypt(int flen, unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding);

=head1 DESCRIPTION

Both of the functions described on this page are deprecated.
Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.

These functions handle RSA signatures at a low level.

RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
message digest with an algorithm identifier) using the private key
B<rsa> and stores the signature in B<to>. B<to> must point to
B<RSA_size(rsa)> bytes of memory.

B<padding> denotes one of the following modes:

=over 4

=item RSA_PKCS1_PADDING

PKCS #1 v1.5 padding. This function does not handle the
B<algorithmIdentifier> specified in PKCS #1. When generating or
verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be
used.

=item RSA_NO_PADDING

Raw RSA signature. This mode should I<only> be used to implement
cryptographically sound padding modes in the application code.
Signing user data directly with RSA is insecure.

=back

RSA_public_decrypt() recovers the message digest from the B<flen>
bytes long signature at B<from> using the signer's public key
B<rsa>. B<to> must point to a memory section large enough to hold the
message digest (which is smaller than B<RSA_size(rsa) -
11>). B<padding> is the padding mode that was used to sign the data.

=head1 RETURN VALUES

RSA_private_encrypt() returns the size of the signature (i.e.,
RSA_size(rsa)). RSA_public_decrypt() returns the size of the
recovered message digest.

On error, -1 is returned; the error codes can be
obtained by L<ERR_get_error(3)>.

=head1 SEE ALSO

L<ERR_get_error(3)>,
L<RSA_sign(3)>, L<RSA_verify(3)>

=head1 HISTORY

Both of these functions were deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
2186cd8e UM	1	=pod
	2
	3	=head1 NAME
	4
4d524e10	5	RSA_private_encrypt, RSA_public_decrypt - low level signature operations
2186cd8e UM	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/rsa.h>
	10
4fd8a3e1 P	11	Deprecated since OpenSSL 3.0, can be hidden entirely by defining
	12	B<OPENSSL_API_COMPAT> with a suitable version value, see
	13	L<openssl_user_macros(7)>:
	14
e9b77246 BB	15	int RSA_private_encrypt(int flen, unsigned char *from,
e9b77246 BB	16	unsigned char to, RSA rsa, int padding);
2186cd8e	17
e9b77246 BB	18	int RSA_public_decrypt(int flen, unsigned char *from,
e9b77246 BB	19	unsigned char to, RSA rsa, int padding);
2186cd8e UM	20
	21	=head1 DESCRIPTION
	22
4fd8a3e1 P	23	Both of the functions described on this page are deprecated.
	24	Applications should instead use L<EVP_PKEY_encrypt_init(3)>,
	25	L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
	26
2186cd8e UM	27	These functions handle RSA signatures at a low level.
	28
	29	RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
	30	message digest with an algorithm identifier) using the private key
	31	B<rsa> and stores the signature in B<to>. B<to> must point to
	32	B<RSA_size(rsa)> bytes of memory.
	33
	34	B<padding> denotes one of the following modes:
	35
	36	=over 4
	37
	38	=item RSA_PKCS1_PADDING
	39
	40	PKCS #1 v1.5 padding. This function does not handle the
	41	B<algorithmIdentifier> specified in PKCS #1. When generating or
9b86974e	42	verifying PKCS #1 signatures, L<RSA_sign(3)> and L<RSA_verify(3)> should be
2186cd8e UM	43	used.
	44
	45	=item RSA_NO_PADDING
	46
	47	Raw RSA signature. This mode should I<only> be used to implement
	48	cryptographically sound padding modes in the application code.
	49	Signing user data directly with RSA is insecure.
	50
	51	=back
	52
2186cd8e UM	53	RSA_public_decrypt() recovers the message digest from the B<flen>
	54	bytes long signature at B<from> using the signer's public key
	55	B<rsa>. B<to> must point to a memory section large enough to hold the
	56	message digest (which is smaller than B<RSA_size(rsa) -
	57	11>). B<padding> is the padding mode that was used to sign the data.
	58
	59	=head1 RETURN VALUES
	60
	61	RSA_private_encrypt() returns the size of the signature (i.e.,
	62	RSA_size(rsa)). RSA_public_decrypt() returns the size of the
	63	recovered message digest.
	64
	65	On error, -1 is returned; the error codes can be
9b86974e	66	obtained by L<ERR_get_error(3)>.
2186cd8e UM	67
	68	=head1 SEE ALSO
	69
53934822	70	L<ERR_get_error(3)>,
9b86974e	71	L<RSA_sign(3)>, L<RSA_verify(3)>
2186cd8e	72
4fd8a3e1 P	73	=head1 HISTORY
	74
	75	Both of these functions were deprecated in OpenSSL 3.0.
	76
e2f92610 RS	77	=head1 COPYRIGHT
	78
	79	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	80
4746f25a	81	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	82	this file except in compliance with the License. You can obtain a copy
	83	in the file LICENSE in the source distribution or at
	84	L<https://www.openssl.org/source/license.html>.
	85
	86	=cut