For alternative implementation of the RSA algorithms, OpenSSL exposes the opaque RSA_METHOD type. The BCrypt EVP engine implements the following RSA mechanisms:
- Creating a signature of a message, using a private key
- Verifying a signature, using the associated public key
- Encrypting plain text, using a public key
- Decrypting cipher text, using the associated private key
RSA encryption with a private key or decryption with a public key is not supported. The BCryptEncrypt function and BCryptDecrypt function do not allow it. Use the proper signing and verification interfaces instead. Only PKCS#1 v1.5 padding (RSA_PKCS1_PADDING) is supported, due to limitation of OpenSSL explained in algorithms_rsa_issues below.
See test_bcrypt_rsa.cpp for the RSA functional tests.
Note that the BCrypt EVP engine deals with ephemeral keys only. In particular, the private key for RSA has to live in-memory in an OpenSSL EVP_PKEY containing an RSA key, which subsequently gets converted into a BCRYPT_KEY_HANDLE. For signing with a key managed by a CNG store, use store_rst to lookup and load the EVP_PKEY, which in that case encapsulates an opaque NCRYPT_KEY_HANDLE.
Also, when selecting which message digest to use when signing, note that only those mentioned in algorithms_md_rst will result in the exclusive use of CNG crypto implementations.
The OpenSSL macro EVP_PKEY_CTX_set_rsa_padding translates to a control command that is supported for the values RSA_PKCS1_PADDING and RSA_PKCS1_PSS_PADDING, when appropriate.
The OAEP padding scheme is currently not supported.