// RSA is able to encrypt only a very limited amount of data. In order
// to encrypt reasonable amounts of data a hybrid scheme is commonly
// used: RSA is used to encrypt a key for a symmetric primitive like
// AES-GCM.
//
// Before encrypting, data is “padded” by embedding it in a known
// structure. This is done for a number of reasons, but the most
// obvious is to ensure that the value is large enough that the
// exponentiation is larger than the modulus. (Otherwise it could be
// decrypted with a square-root.)
//
// In these designs, when using PKCS #1 v1.5, it's vitally important to
// avoid disclosing whether the received RSA message was well-formed
// (that is, whether the result of decrypting is a correctly padded
// message) because this leaks secret information.
// DecryptPKCS1v15SessionKey is designed for this situation and copies
// the decrypted, symmetric key (if well-formed) in constant-time over
// a buffer that contains a random key. Thus, if the RSA result isn't
// well-formed, the implementation uses a random key in constant time.
func ExampleDecryptPKCS1v15SessionKey() { … }

func ExampleSignPKCS1v15() { … }

func ExampleVerifyPKCS1v15() { … }

func ExampleEncryptOAEP() { … }

func ExampleDecryptOAEP() { … }
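
// Added example, not part of the original file or of the Go project's own
// examples: the hybrid scheme and random-key fallback described in the comment
// above, run once on a well-formed and once on a malformed RSA message.
// Assumptions: the helper names must, gcm, Unwrap and Demo are hypothetical;
// the 2048-bit key, the sample message and the bit flip are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// must panics on errors this demo cannot recover from (hypothetical helper).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// gcm builds AES-256-GCM from a 32-byte session key.
func gcm(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// Unwrap prefills key with random bytes; they are replaced only if the padding is valid.
func Unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	key := make([]byte, 32)
	must(rand.Read(key))
	return key, rsa.DecryptPKCS1v15SessionKey(rand.Reader, priv, wrapped, key)
}

// Demo reports: round trip ok, error from a malformed message (nil), AES-GCM rejected it.
func Demo() (ok bool, malformedErr error, rejected bool) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	key, nonce, msg := make([]byte, 32), make([]byte, 12), []byte("constructed sample")
	must(rand.Read(key))
	must(rand.Read(nonce))
	wrapped := must(rsa.EncryptPKCS1v15(rand.Reader, &priv.PublicKey, key)) // sender
	ct := gcm(key).Seal(nil, nonce, msg, nil)
	k, _ := Unwrap(priv, wrapped) // receiver, well-formed message
	pt, err := gcm(k).Open(nil, nonce, ct, nil)
	ok = err == nil && bytes.Equal(pt, msg)
	wrapped[len(wrapped)-1] ^= 1 // constructed tampering: padding no longer valid
	k, malformedErr = Unwrap(priv, wrapped)
	_, err = gcm(k).Open(nil, nonce, ct, nil) // random key, so failure surfaces here
	return ok, malformedErr, err != nil
}

func main() { fmt.Println(Demo()) }
```

// The malformed message produces no RSA-level error; the only observable
// failure is the AES-GCM authentication check, the same as for a wrong key.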