I need to establish a secure communication between a PC and a device which supports RSA encryption and signature with SHA1. As I have already used Crypto++ in other parts of my application, I would like to utilize Crypto++ for this as well.
The device is very primitive but allows executing a program I write on it. It has raw RSA and SHAa functions built-in; However, it has very little memory to work with, 2K bytes to be precise.
I have to encrypt and sign a message from a PC. Then the device decrypts and verifies the message. The device will then reply an encrypted message and sign on it. The PC will decrypt the message and verify it afterwards. I have implemented the raw RSA encryption, signature and verification with SHA1 inside the device using the built-in functions. The messages is short enough to be done in a single round.
However, I don't know how to encrypt a message with raw RSA using Crypto++ without involving OAEP or PKCS#1. Could somebody kind enough to show me some sample code? Thanks a ton!
Best Answer
That's easy enough when you know where to look: Raw RSA from the Crypto++ wiki. The code below was taken from the page.
Encryption
Decryption
Here's a sample output:
There is one caveat:
c = m ^ e mod n
, so there are some limits on plaint text size and cipher text size. Essentially,m
andc
must be smaller thann
. In this example, replacing the stringsecret
withnow is the time for all good men to come to the aid of their country
would fail because it's larger thann
when converted to anInteger
.You can get the maximum plain text size with the function
MaxPreImage()
, and the maximum cipher text size withMaxImage()
.On the surface, this looks like it will suffer replay attacks. You might need a protocol with the protection.