• Pico HSM
Portada » Blog » Encryption and Decryption with RSA

Encryption and Decryption with RSA

Pico HSM supports in place decryption of arbitrary data and encryption with any app. It supports the following algorithms:

RSA-PKCS

RSA-X-509

RSA-PKCS-OAEP

ECDH-DERIVE

Encrypt and decrypt is a fundamental operation in cryptography. Usually, the data is encrypted with the public key and is decrypted with the private key. Therefore, anyone can encrypt data and send it securely to the recipient, which is the only allowed to decrypt it, as it is the only in possession of the private key used for decryption.

RSA is the traditional way to encrypt and decrypt data and it has three variants. The PKCS is the raw version, which takes the data and performs the RSA encryption. The raw data is recovered by performing the inverse step. The RSA-X-509 is a prepended version of the raw variant, with an ASN.1 structure that contains all relevant parameters. Finally, RSA-PKCS-OAEP is the most recent variant for RSA encryption and it is considered the most secure and robust.

On the contrary, elliptic curves do not accept to encrypt/decrypt data. Instead, if an encryption method with an elliptic curve is needed, an intermediate step is performed to derive a symmetric key. Whilst RSA is a pure asymmetric cryptographic operation, this derivation step from an elliptic curve is a symmetric step that uses a secret key for both transmitter and receiver, named ECDH derivation. Based on a foreign public key (an elliptic point) and a private key (an elliptic number), it is possible to derive a secret key, shared by the two peers that will be used to encrypt and decrypt the data.

Preliminar

Before going to the encryption, we prepare the data. In the file `data` we put some arbitrary data:

``\$ echo "This is a test string. Be safe, be secure." > data``

To create the signatures, we use the OpenSSL tool. This tool requires the use public keys in the form of DER and PEM, which will be used for verification. In our example, we employ the ECC located at key id 2:

``````\$ pkcs11-tool --read-object --pin 648219 --id 2 --type pubkey > 2.der
\$ openssl ec -inform DER -outform PEM -in 2.der -pubin > 2.pub``````

The `--id` parameter identifies the internal private key with id number `2`. The first line retrieves the public key associated to the private key with id number `2` and stores the public key into the file `2.der`.

The second line converts the public key from DER format to PEM.

To use the sc-tool, first install the sc-hsm-embedded driver. Follow instructions in its page for building and installing. Then, create the following alias:

``\$ alias sc-tool=pkcs11-tool --module /path/to/libsc-hsm-pkcs11.so``

RSA-PKCS

This algorithm uses the PKCSv1.5 padding. It is considered deprecated and insecure. First, we encrypt the data with the public key:

``````\$ openssl rsautl -encrypt -inkey 1.pub -in data -pubin -out data.crypt
``````

Then, we decrypt with the private key inside the Pico HSM:

``````\$ pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-PKCS -i data.crypt
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-PKCS
This is a test string. Be safe, be secure.
``````

RSA-X-509

In this algorithm, the data must be padded with a length equal to the size of private key (128, 256, 512 bytes for RSA-1024, RSA-2048 and RSA-4096, respectively).

First, we pad the data. The original data file occupies 29 bytes. Thus, for a 2048 bits key, a padding of 227 bytes is needed:

``````\$ cp data data_pad
\$ dd if=/dev/zero bs=1 count=227 >> data_pad
``````

We encrypt the data with the public key:

``````\$ openssl rsautl -encrypt -inkey 1.pub -in data_pad -pubin -out data.crypt -raw
``````

Then, we decrypt with the private key inside the Pico HSM:

``````\$ cat data.crypt|pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-X-509
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-X-509
This is a test string. Be safe, be secure.``````

RSA-PKCS-OAEP

This algorithm is defined as PKCSv2.1 and it includes a padding mechanism to avoid garbage. Currently it only supports SHA256.

To encrypt the data:

``````\$ openssl pkeyutl -encrypt -inkey 1.pub -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -in data -out data.crypt
``````

To decrypt with the private key inside the Pico HSM:

``````\$ pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-PKCS-OAEP -i data.crypt
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-PKCS-OAEP
OAEP parameters: hashAlg=SHA256, mgf=MGF1-SHA256, source_type=0, source_ptr=0x0, source_len=0
This is a test string. Be safe, be secure.``````