# 7.10. Performing Raw Encryption with an RSA Public Key

## Problem

You want to encrypt a small message using an RSA public key so that only an entity with the corresponding private key can decrypt the message.

## Solution

Your cryptographic library should have a straightforward API to the RSA encryption algorithm: you should be able to give it the public key, the data to encrypt, a buffer for the results, an indication of the data’s length, and a specification as to what kind of padding to use (EME-OAEP padding is recommended).

When using OpenSSL, this can be
done with the ```
RSA_public_encrypt(
)
```

function, defined in
*openssl/rsa.h*.

If, for some reason, you need to implement RSA on your own (which we strongly recommend against), refer to the Public Key Cryptography Standard (PKCS) #1, Version 2.1 (the latest version).

## Discussion

### Tip

Be sure to read the generic considerations for public key cryptography in Recipe 7.1 and Recipe 7.2.

Conceptually, RSA encryption is very simple. A message is translated
into an integer and encrypted with integer math. Given a message
*m* written as an integer, if you want to encrypt
to a public key, you take the modulus *n* and the
exponent *e* from that public key. Then compute
*c* =
*m*
^{e} mod
*n*, where *c* is the
ciphertext, written as an integer. Given the ciphertext, you must
have the private key to recover *m*. The private
key consists of a single integer *d*, which can
undo the encipherment with the operation *m* =
*cd* mod *n*.

This scheme is believed to be as “hard” as factoring ...

Get *Secure Programming Cookbook for C and C++* now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.