Hi there Alexey Many people will tell you to use the EVP stuff and quite frankly, they're most likely right. However, I've not managed to figure out the EVP stuff so I use the public_encrypt and private_decrypt functions instead. I have written the following functions to encapsulate the functionality I need. Adapt them as you like :-) void theEncryptor::generateRSAKeyPair(int bits) { rsa = RSA_generate_key(bits, 65537, NULL, NULL); }
int theEncryptor::publicEncrypt(unsigned char* data, unsigned char* dataEncrypted,int dataLen) { return RSA_public_encrypt(dataLen, data, dataEncrypted, rsa, RSA_PKCS1_PADDING); } int theEncryptor::privateDecrypt(unsigned char* dataEncrypted, unsigned char* dataDecrypted) { return RSA_private_decrypt(RSA_size(rsa), dataEncrypted, dataDecrypted, rsa, RSA_PKCS1_PADDING); } Then since I am receiving a public key, I have a sockets framework: void theEncryptor::receivePublicKeyAndSetRSA(int sock, int bits) { int max_hex_size = (bits / 4) + 1; char keybufA[max_hex_size]; bzero(keybufA,max_hex_size); char keybufB[max_hex_size]; bzero(keybufB,max_hex_size); int n = recv(sock,keybufA,max_hex_size,0); n = send(sock,"OK",2,0); n = recv(sock,keybufB,max_hex_size,0); n = send(sock,"OK",2,0); rsa = RSA_new(); BN_hex2bn(&rsa->n, keybufA); BN_hex2bn(&rsa->e, keybufB); } void theEncryptor::transmitPublicKey(int sock, int bits) { const int max_hex_size = (bits / 4) + 1; long size = max_hex_size; char keyBufferA[size]; char keyBufferB[size]; bzero(keyBufferA,size); bzero(keyBufferB,size); sprintf(keyBufferA,"%s\r\n",BN_bn2hex(rsa->n)); sprintf(keyBufferB,"%s\r\n",BN_bn2hex(rsa->e)); int n = send(sock,keyBufferA,size,0); char recBuf[2]; n = recv(sock,recBuf,2,0); n = send(sock,keyBufferB,size,0); n = recv(sock,recBuf,2,0); } Best Wishes, Ben. On 20 January 2010 15:14, Alexey Luchko <l...@ank-sia.com> wrote: > Hi! > > I'm new to openssl. > > I need to encrypt and decrypt approx 1k block of data with rsa. > What is recommended api for the case? > > I've found RSA_public_encrypt() and RSA_private_decrypt(). > It looks like a kind of low level api. > But here I've got a problem with OAEP padding. > > Another one is EVP_PKEY_encrypt() and EVP_PKEY_decrypt(). > It is of a higher level. > It encodes and decodes correctly only one block for me, > but looks like it could operate on block of any size. > And I've not found any use cases with google code search. > > It looks like I missed smth ;) > Any advice is very welcome! > > > -- > Thanks in advance, > Alexey > > sms stands for save my soul > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Ben H D Jones www.bhjones.com