Skip to main content

Module pkcs1v15

rsa

Module pkcs1v15 

Source
Expand description

PKCS#1 v1.5 support as described in RFC8017 Β§ 8.2.

Warning

PKCS#1 v1.5 padding has a longstanding history of issues generally classed as Bleichenbacher Attacks which were originally discovered in 1998 but keep reappearing in various forms again and again over the course of decades, including most recently in the 2023 Marvin Attack, which the rsa crate is still vulnerable to.

These attacks can result in complete plaintext recovery for encryption, or signature forgery, leading to a total failure of either confidentiality or integrity.

Unless explicitly needed for compatibility reasons, we recommend against using PKCS#1 v1.5, and suggest using PSS or OAEP instead (if there is a requirement to use RSA).

Β§Usage

See code example in the toplevel rustdoc.

Modules§

decrypting_key πŸ”’
encrypting_key πŸ”’
oid πŸ”’
signature πŸ”’
RSASSA-PKCS1-v1_5 signatures.
signing_key πŸ”’
verifying_key πŸ”’

Structs§

DecryptingKey
Decryption key for PKCS#1 v1.5 decryption as described in RFC8017 Β§ 7.2.
EncryptingKey
Encryption key for PKCS#1 v1.5 encryption as described in RFC8017 Β§ 7.2.
Pkcs1v15Encrypt
Encryption using PKCS#1 v1.5 padding.
Pkcs1v15Sign
RSASSA-PKCS1-v1_5: digital signatures using PKCS#1 v1.5 padding.
Signature
RSASSA-PKCS1-v1_5 signatures as described in RFC8017 Β§ 8.2.
SigningKey
Signing key for RSASSA-PKCS1-v1_5 signatures as described in RFC8017 Β§ 8.2.
VerifyingKey
Verifying key for RSASSA-PKCS1-v1_5 signatures as described in RFC8017 Β§ 8.2.

Traits§

RsaSignatureAssociatedOid
A trait which associates an RSA-specific OID with a type.

Functions§

decrypt πŸ”’
Decrypts a plaintext using RSA and the padding scheme from PKCS#1 v1.5.
encrypt πŸ”’
Encrypts the given message with RSA and the padding scheme from PKCS#1 v1.5. The message must be no longer than the length of the public modulus minus 11 bytes.
sign πŸ”’
Calculates the signature of hashed using RSASSA-PKCS1-V1_5-SIGN from RSA PKCS#1 v1.5. Note that hashed must be the result of hashing the input message using the given hash function. If hash is None, hashed is signed directly. This isn’t advisable except for interoperability.
verify πŸ”’
Verifies an RSA PKCS#1 v1.5 signature.