PKCS1Padding

 PKCS #1: RSA Encryption
                              Version 1.5
将数据D转换为EB的过程应该就是PKCS1的过程

Encryption-block formatting
   A block type BT, a padding string PS, and the data D shall be
   formatted into an octet string EB, the encryption block.

              EB = 00 || BT || PS || 00 || D .           (1)
   其中EB是我们填充后的待加密HEX表示的串,BT表示块类型,PS表示填充数据,D其实就表示我们要加密的明文数据
   ||符号表示字符串连接
   

   The block type BT shall be a single octet indicating the structure of
   the encryption block. For this version of the document it shall have
   value 00, 01, or 02. For a private- key operation, the block type
   shall be 00 or 01. For a public-key operation, it shall be 02.
   BT用一个字节表示,在目前的版本上,有三个值00 01 02,如果使用公钥操作,BT永远为02,
   如果用私钥操作则可能为00或01,原因在后面有讲



   The padding string PS shall consist of k-3-||D|| octets. For block
   type 00, the octets shall have value 00; for block type 01, they
   shall have value FF; and for block type 02, they shall be
   pseudorandomly generated and nonzero. This makes the length of the
   encryption block EB equal to k.

   PS由k-3-||D||这么多个字节构成
   k表示密钥的字节长度,如果我们用1024bit的RSA密钥,这个长度就是1024/8=128
   ||D||表示明文数据D的字节长度
   
   而这么多字节的值是多少呢?
   对于BT为00的,则这些字节全部为00,对于BT为01的这些值全部为FF,对于BT为02的,这些字节的值随机产生但不能是0字节(就是00)
   这就保证了我们总能把一个明文数据填充到跟密钥长度一样长

   Notes.

        1.   The leading 00 octet ensures that the encryption
             block, converted to an integer, is less than the modulus.
             公式(1)中最开始的00保证了填充后的数据,转换成一个大整数后,不会比我们RSA密钥对中的模数大.
             (这个好像是RSA算法的要求)

        2.   For block type 00, the data D must begin with a
             nonzero octet or have known length so that the encryption
             block can be parsed unambiguously. For block types 01 and
             02, the encryption block can be parsed unambiguously since
             the padding string PS contains no octets with value 00 and
             the padding string is separated from the data D by an octet
             with value 00.
             对于BT为00的,数据D中的数据就不能以00字节开头,要不然会有歧义,因为这时候你PS填充的也是00,就分不清哪些是填充数据哪些是明文数据了
              但如果你的明文数据就是以00字节开头怎么办呢?对于私钥操作,你可以把BT的值设为01,这时PS填充的FF,那么用00字节就可以区分填充数据和明文数据
              对于公钥操作,填充的都是非00字节,也能够用00字节区分开

        3.   Block type 01 is recommended for private-key
             operations. Block type 01 has the property that the
             encryption block, converted to an integer, is guaranteed to
             be large, which prevents certain attacks of the kind
             proposed by Desmedt and Odlyzko [DO86].
             如果你使用私钥加密,建议你BT使用01,保证了安全

        4.   Block types 01 and 02 are compatible with PEM RSA
             encryption of content-encryption keys and message digests
             as described in RFC 1423.

             摘要相关


        5.   For block type 02, it is recommended that the
             pseudorandom octets be generated independently for each
             encryption process, especially if the same data is input to
             more than one encryption process.  Hastad's results [Has88]
             motivate this recommendation.
             对于BT为02,好像就是建议使用独立的随机数生成器

        6.   For block type 02, the padding string is at least
             eight octets long, which is a security condition for
             public-key operations that prevents an attacker from
             recoving data by trying all possible encryption blocks. For
             simplicity, the minimum length is the same for block type
             01.
             对于BT为02和01的,PS至少要有8个字节长,BT为02肯定是公钥加密,01肯定是私钥加密,要保证PS有八个字节长
             ||EB|| = ||00|| +||BT||+||PS||+||00||+||D||=k
             所以
             ||PS|| = k-||00||-||BT||-||00||-||D||>=8
             所以k-1-1-1-||D||>=8
             ||D||<=k-11
             所以当我们使用128字节密钥对数据进行加密时,明文数据的长度不能超过过128-11=117字节
            
            

        7.   This document may be extended in the future to
             include other block types.



当RSA要加密数据大于 k-11字节时怎么办呢?标准没有给出,只是在8-4中说文档有可能扩展到处理比k-11字节大的明文数据
原文的意思应该是可以扩展到处理比k-11字节大的明文数据  把明文数据按照D的最大长度分块然后逐块加密,最后把密文拼起来就行.

8. Encryption process

   This section describes the RSA encryption process.

   The encryption process consists of four steps: encryption- block
   formatting, octet-string-to-integer conversion, RSA computation, and
   integer-to-octet-string conversion. The input to the encryption
   process shall be an octet string D, the data; an integer n, the
   modulus; and an integer c, the exponent. For a public-key operation,
   the integer c shall be an entity's public exponent e; for a private-
   key operation, it shall be an entity's private exponent d. The output
   from the encryption process shall be an octet string ED, the
   encrypted data.

   The length of the data D shall not be more than k-11 octets, which is
   positive since the length k of the modulus is at least 12 octets.
   This limitation guarantees that the length of the padding string PS
   is at least eight octets, which is a security condition.

   Notes.

        1.   In typical applications of this document to
             encrypt content-encryption keys and message digests, one
             would have ||D|| <= 30. Thus the length of the RSA modulus
             will need to be at least 328 bits (41 octets), which is
             reasonable and consistent with security recommendations.

        2.   The encryption process does not provide an
             explicit integrity check to facilitate error detection
             should the encrypted data be corrupted in transmission.
             However, the structure of the encryption block guarantees
             that the probability that corruption is undetected is less
             than 2-16, which is an upper bound on the probability that
             a random encryption block looks like block type 02.

        3.   Application of private-key operations as defined
             here to data other than an octet string containing a
             message digest is not recommended and is subject to further
             study.




Kaliski                      Informational                      [Page 8]

RFC 2313                PKCS #1: RSA Encryption               March 1998


        4.   This document may be extended to handle data of
             length more than k-11 octets.

你可能感兴趣的:(加密,String,Integer,encryption,BT,structure)