Raw RSA decryption/signing

Question

I'm implementing RSACryptoToken, that is an interface for RSA cryptographic tokens, according to the documentation. There are twp methods, called decryptRSA and signRSA - they should be implemented. In documentation there is an info, that they should perform a raw RSA decryption and raw RSA signing operations.

1. What means raw RSA operation?
2. Does it mean, without padding?
3. Does BlackBerry or Bouncy Castle provides such API?

Answer 1

I solved the problem, the operations signRSA and decryptRSA should perform the same pure modulus operation

thanks for help

Answer 2

Basically PKCS#1 v1.5 consists of three parts:

1. the RSA operations themselves,
2. the PKCS#1 padding and
3. an ASN.1 encodign of the hash.

The hash is ASN.1 encoded to include an ASN.1 Object Identifier which uniquely specifies the hash that is used, and the value, like this:

DigestInfo ::= SEQUENCE {
    digestAlgorithm AlgorithmIdentifier,
    digest OCTET STRING
}

This is directly copied from the PKCS#1 specifications (which are pretty readable and publicly available). Note that the encoding is directly specified as bytes as well in the standards.

Blackberry operations only provide 1) and 2), meaning that you have to supply an ASN.1, DER encoded structure containing the hash yourself. No such a structure is defined for the encryption/decryption, only the padding is removed.

Encryption uses random padding (internally) versus non-random padding for signatures. This allows you to encrypt "YES" twice, while an eavesdropper cannot detect if it is YES or NO. The padding is also required to protect the signature against attacks.