xxxxxxxxxx
rsa_encrypt_raw(pRsaKey,cPlainData) ---> return a string containing the raw RSA encryption of cPlainData
xxxxxxxxxx
/* encrypt a file using AES key and then encrypt the AES key using an RSA public key using PKCS1 padding */
/* we manually add PKCS1 padding and then perform raw RSA encryption */
try
/* read Alice public key */
rsaPublicKeyPEM = Read("alice_public_key.pem")
rsaPublicKey = rsa_import_pem(rsaPublicKeyPEM)
/* encrypt file with random AES-128 key */
cData = Read ("secret_document.txt")
cKey = RandBytes(16)
cIV = RandBytes(16)
cEncryptedData = Encrypt(cData,cKey,cIV,"aes128")
/* encrypt the AES-128 key with the RSA public key */
/* calculate the modulus length */
rsaKeyParams = rsa_export_params(rsaPublicKey)
modulusLen = rsaKeyParams[:bits]/ 8
/* we manually add PKCS1 padding */
paddingSize = modulusLen - Len(cKey) - 2 - 1
paddingStr = space (paddingSize)
/* encryption case. Add random bytes */
for i=1 to paddingSize
paddingStr[i] = Char (1 + Random(254))
next
paddedData = Char(0) + Char(2) + paddingStr + Char (0) + cKey
cEncryptedKey = rsa_encrypt_raw(rsaPublicKey,paddedData)
/* store IV, encrypted AES key and encrypted data in a file to be sent to Alice*/
Write("raw_encrypted_document.enc", cIV + cEncryptedKey + cEncryptedData)
catch
See "Unexpected error occured: " + cCatchError + nl
done
xxxxxxxxxx
rsa_decrypt_raw(pRsaKey,cEncryptedData) ---> return a string containing the decryption of cEncryptedData
xxxxxxxxxx
/* decrypt a file by first decrypting AES key that was used to encrypt it
* and then decrypt the whole content using the AES key
/* We decrypt AES using rsa_decrypt_raw and then remove padding manually
*/
try
/* read Alice private key */
rsaKeyPEM = Read("alice_private_key.pem")
rsaKey = rsa_import_pem(rsaKeyPEM)
/* calculate the modulus length */
rsaKeyParams = rsa_export_params(rsaKey)
modulusLen = rsaKeyParams[:bits]/ 8
/* read encrypted file */
cEncryptedContent = Read ("encrypted_document.enc")
/* IV is the first 16 bytes if the file */
cIV = substr(cEncryptedContent, 1, 16)
/* encrypted key follows IV and its length is modulusLen */
cEncryptedKey = substr(cEncryptedContent, 17, modulusLen)
/* encrypted data follows the key */
cEncryptedData = substr(cEncryptedContent, 17 + modulusLen)
/* decrypt the AES-128 key */
cPaddedKey = rsa_decrypt_raw(rsaKey,cEncryptedKey)
/* remove PKCS1 padding */
paddedInputLength = len(cPaddedKey)
cKey = ""
if paddedInputLength > 11 AND Ascii(cPaddedKey[1]) = 0 AND Ascii(cPaddedKey[2]) = 2
zeroFound = false
for j = 3 to paddedInputLength
if Ascii(cPaddedKey[j]) = 0
i = j
zeroFound = true
exit
ok
next
if zeroFound
if i = paddedInputLength
/* unpadded data is empty */
Raise("Empty data recovered from padding")
else
cKey = substr(cPaddedKey,i+1)
ok
else
Raise ("Invalid data padding")
ok
else
Raise("the decrypted data is invalid")
ok
/* decrypt the data using the AES-128 key */
cPlainData = Decrypt(cEncryptedData,cKey,cIV,"aes128")
/* store the decrypted data to a file */
Write("decrypted_document.txt", cPlainData)
catch
See "Unexpected error occured: " + cCatchError + nl
done