SHA256withRSA what does it do and in what order?

java ios cryptography rsa sha256
Whyser picture Whyser · Jan 9, 2014 · Viewed 26.7k times · Source

I'm a total newbie when it comes to cryptography and such things. I don't (and dont want to) know the details of the SHA256 and RSA. I "know" what they do, not how they do it, and for now that's enough.

I'm wondering what the "SHA256withRSA"-algorithm (if you can call it that) actually do and in what order. For example, does it hash the data with SHA256 and then encrypts it using RSA or is it vice-versa, or something else?

The reason I'm asking is because I wanna do the java equivalent of: 

Signature.getInstance("SHA256withRSA")
signature.initSign(privateKey); //privateKey == a key extracted from a .p12 file

in Objective-C on iOS. And I couldn't seem to find any stuff that does exactly this, therefore I'm asking, can I just hash the data (SHA256) and then encrypt it (RSA) (or vice-versa) and get the same behavior?

What is the suggested solution for doing this kind of thing?

Thank you!

EDIT: I failed to mention that I sign the data using a private key that is obtained by doing:

KeyStore keystore = KeyStore.getInstance("PKCS12");
keystore.load(new FileInputStream(new File(filename)), password.toCharArray());
PrivateKey privateKey = (PrivateKey)keystore.getKey(alias, password.toCharArray());

Where filename is for example: "/somewhere/mykey.p12".

Answer

Maarten Bodewes picture Maarten Bodewes · Jan 9, 2014

"SHA256withRSA" implements the PKCS#1 v1.5 padding and modular exponentiation with the formal name RSASSA-PKCS1-v1_5 after calculating the hash over the data using SHA256.

So the general order is:

  1. hashing;
  2. padding the hash for signature generation;
  3. modular exponentiation using the private exponent and the modulus.

The padding used for encryption and signature generation is different, so using encryption may result in erroneous signatures.

The PKCS#1 v1.5 padding scheme has been superseded by PSS. For new protocols it is advisable to use the PSS scheme instead. For RSA a very readable public standard exists. This standard has also been used as a base for RFC 3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (which is basically a copy).

With regards to the padding in iOS, please check this answer by Thomas Pornin. Basically you should create the SHA-256 hash, prefix a static block of data (defined in the PKCS#1 specifications) then use SecKeyRawSign using kSecPaddingPKCS1.

For your convenience, the PKCS#1 defined block of data that needs to be prefixed in hex notation for SHA-256 (it can be bit hard to find in the standard documents, it's in the notes of section 9.2):

30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20

Notes:

  • The above steps do not include the conversion from bytes to integer and vice versa. The result of raw RSA operations are generally converted to an unsigned big endian encoding with the same size of the modulus in bytes (which is generally the same as the key size, as the key size is already a multiple of 8). These conversions are called I2OSP and OS2IP in the RFC's.

Related questions

Alternative to zxing QR reader library for Java/Android?

Is there any other library other than Zxing that can be used to create a QR code reader EVEN IF IT'S NOT FREE. of-course a free one will be great. but I'm also willing to pay to get a library …

Read More
Setting up appium for iOS app test automation

Looking far and wide for a step-by-step guide to set-up iOS Test Automation using appium, with scripts in Java (no ruby and/or cucumber). Note: The appium wiki is not helpful either.

Read More
How to add subcollection to a document in Firebase Cloud Firestore

The documentation does not have any examples on how to add a subcollection to a document. I know how to add document to a collection and how to add data to a document, but how do I add a collection (…

Read More