\& int RSA_private_encrypt(int flen, unsigned char *from,
\& unsigned char *to, RSA *rsa, int padding);
.Ve
.Vb2
\& int RSA_public_decrypt(int flen, unsigned char *from,
\& unsigned char *to, RSA *rsa, int padding);
.Ve
.SH"DESCRIPTION"
These functions handle RSA signatures at a low level.
.PP
\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a
message digest with an algorithm identifier) using the private key
\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to
\fBRSA_size(rsa)\fR bytes of memory.
.PP
\fBpadding\fR denotes one of the following modes:
.Ip"\s-1RSA_PKCS1_PADDING\s0"4
\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the
\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or
verifying \s-1PKCS\s0 #1 signatures, the \fIRSA_sign(3)|RSA_sign(3)\fR manpage and the \fIRSA_verify(3)|RSA_verify(3)\fR manpage should be
used.
.Ip"\s-1RSA_NO_PADDING\s0"4
Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement
cryptographically sound padding modes in the application code.
Signing user data directly with \s-1RSA\s0 is insecure.
.PP
\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR
bytes long signature at \fBfrom\fR using the signer's public key
\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the
message digest (which is smaller than \fBRSA_size(rsa) \-
11\fR). \fBpadding\fR is the padding mode that was used to sign the data.
.SH"RETURN VALUES"
\fIRSA_private_encrypt()\fR returns the size of the signature (i.e.,
\fIRSA_size\fR\|(rsa)). \fIRSA_public_decrypt()\fR returns the size of the
recovered message digest.
.PP
On error, \-1 is returned; the error codes can be
obtained by the \fIERR_get_error(3)|ERR_get_error(3)\fR manpage.
.SH"SEE ALSO"
the \fIerr(3)|err(3)\fR manpage, the \fIrsa(3)|rsa(3)\fR manpage, the \fIRSA_sign(3)|RSA_sign(3)\fR manpage, the \fIRSA_verify(3)|RSA_verify(3)\fR manpage
.SH"HISTORY"
The \fBpadding\fR argument was added in SSLeay 0.8. RSA_NO_PADDING is