akv_rsa_priv_enc function should be for signing

[ajiang-swi]

Hi,

I think the akv_rsa_priv_enc function should be for signing and not for encryption to be consistent with the rsa_ossl_private_encrypt function in openssl. More specifically the result of akv_rsa_priv_enc should be the message padded with the signature padding (eg. EMSA-PKCS1-V1_5-ENCODE) raised to the private exponent.

The current akv_rsa_priv_enc function seems like it should be named akv_rsa_pub_enc instead.

Thanks,

Alex

[liupums]

this engine only performs private key operations.

[ajiang-swi]

Ok, but the padding in the function akv_rsa_priv_enc still seems wrong. It should be RS256 or PS256 (for SHA256, other padding for corresponding to hash function) rather than RSA1_5 or RSA_OAEP.

[liupums]

Ok, but the padding in the function akv_rsa_priv_enc still seems wrong. It should be RS256 or PS256 (for SHA256, other padding for corresponding to hash function) rather than RSA1_5 or RSA_OAEP.

I think you mix up things for encrypt/decrypt and sign. Those are basics. But for your knowledge, please refer to the doc
https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details

[ajiang-swi]

I assume that the akv_rsa_priv_enc function is the key vault version of the rsa_ossl_private_encrypt (https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_ossl.c) function which is for signing. Otherwise, I'm not sure what it means to encrypt with a private key (encryption should be done with the public key).

[liupums]

I assume that the akv_rsa_priv_enc function is the key vault version of the rsa_ossl_private_encrypt (https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_ossl.c) function which is for signing. Otherwise, I'm not sure what it means to encrypt with a private key (encryption should be done with the public key).

Your assumption is wrong. please read the code and try the examples.