#cryptxdevquotes: That's not how RSA works, you idiot. - MateoConLechuga

Module Functionality
Provides an encryption-only implemention of the Rivest-Shamir Adleman (RSA) public key encrytion system. RSA is still widely used at the start of an encrypted connection to negotiate a secret for a faster encryption algorithm like AES.



Defines the maximum byte length of an RSA public modulus supported by this library.

Response Codes

enum rsa_error_t

Defines response codes returned by calls to the RSA API.


enumerator RSA_OK

RSA encryption completed successfully.

enumerator RSA_INVALID_ARG

RSA encryption failed, bad argument.

enumerator RSA_INVALID_MSG

RSA encryption failed, bad msg or msg too long.


RSA encryption failed, modulus invalid.


RSA encryption failed, OAEP encoding error.


rsa_error_t cryptx_rsa_encrypt(const void *msg, size_t msglen, const void *pubkey, size_t keylen, void *ciphertext, uint8_t oaep_hash_alg)

Encrypts a message using the given RSA public key.

  • msg – Pointer to a message to encrypt using RSA.

  • msglen – The byte length of the msg.

  • pubkey – Pointer to a public key to use for encryption.

  • keylen – The length of the public key (modulus) to encrypt with.

  • ciphertext – Pointer a buffer to write the ciphertext to.

  • oaep_hash_alg – The numeric ID of the hashing algorithm to use within OAEP encoding. See cryptx_hash_algorithms.


An rsa_error_t indicating the status of the RSA operation.

// client awaits RSA key from server
uint8_t rsa_pubkey[CRYPTX_RSA_MODULUS_MAX];
size_t rsa_len;
network_recv(rsa_pubkey, &rsa_len);
uint8_t rsa_ciphertext[rsa_len];

// use RSA for secret encryption
uint8_t aes_key[CRYPTX_KEYLEN_AES256];
if(!cryptx_csrand_fill(aes_key, sizeof(aes_key)))) return;

if(cryptx_rsa_encrypt(aes_key, CRYPTX_KEYLEN_AES256,
                      rsa_pubkey, rsa_len,
                      rsa_ciphertext, SHA256) != AES_OK)

network_send(rsa_ciphertext, rsa_len);


  1. This implementation automatically applies Optimal Asymmetric Encryption Padding (OAEP) v2.2 encoding to the message. The length of the plaintext message to encrypt cannot exceed len(public_modulus) - (2 * chosen_hash_digestlen) - 2.

  2. The length of the ciphertext returned is the same length as the public modulus used for encryption. This means you can allocate/reserve a buffer of that size, or just use the macro defined above for the maximum length.