SHA256withRSA what does it do and in what order?

Question

I\'m a total newbie when it comes to cryptography and such things. I don\'t (and dont want to) know the details of the SHA256 and RSA. I \"know\" what they do, not how they

Answer 1

"SHA256withRSA" implements the PKCS#1 v1.5 padding and modular exponentiation with the formal name RSASSA-PKCS1-v1_5 after calculating the hash over the data using SHA256.

So the general order is:

1. hashing;
2. padding the hash for signature generation;
3. modular exponentiation using the private exponent and the modulus.

The padding used for encryption and signature generation is different, so using encryption may result in erroneous signatures.

---

The PKCS#1 v1.5 padding scheme has been superseded by PSS. For new protocols it is advisable to use the PSS scheme instead. For RSA a very readable public standard exists. This standard has also been used as a base for RFC 3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 (which is basically a copy).

---

With regards to the padding in iOS, please check this answer by Thomas Pornin. Basically you should create the SHA-256 hash, prefix a static block of data (defined in the PKCS#1 specifications) then use SecKeyRawSign using kSecPaddingPKCS1.

For your convenience, the PKCS#1 defined block of data that needs to be prefixed in hex notation for SHA-256 (it can be bit hard to find in the standard documents, it's in the notes of section 9.2):

30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20

---

Notes:

• The above steps do not include the conversion from bytes to integer and vice versa. The result of raw RSA operations are generally converted to an unsigned big endian encoding with the same size of the modulus in bytes (which is generally the same as the key size, as the key size is already a multiple of 8). These conversions are called I2OSP and OS2IP in the RFC's.