PKCS1 - Schemes

By themselves, the primitive operations do not necessarily provide any security. A cryptographic scheme defines higher-level algorithms, or uses of the primitives, so that they achieve certain security goals.

There are two schemes for encryption and decryption:

  • RSAES-OAEP: improved encryption/decryption scheme; based on the Optimal Asymmetric Encryption Padding scheme proposed by Mihir Bellare and Phillip Rogaway.
  • RSAES-PKCS1-v1_5: older encryption/decryption scheme as first standardized in version 1.5 of PKCS #1.

There are also two schemes for dealing with signatures:

  • RSASSA-PSS: improved probabilistic signature scheme with appendix; based on the Probabilistic Signature Scheme originally invented by Bellare and Rogaway.
  • RSASSA-PKCS1-v1_5: old signature scheme with appendix as first standardized in version 1.5 of PKCS #1.

The two signature schemes make use of separately defined encoding methods:

  • EMSA-PSS: encoding method for signature appendix, probabilistic signature scheme.
  • EMSA-PKCS1-v1_5: encoding method for signature appendix as first standardized in version 1.5 of PKCS #1.

The signature schemes are signatures with appendix: rather than signing the input data directly, a hash function is first used to produce an intermediary representation of the data, and the result of the hash is then signed. This technique is almost always used with RSA because the amount of data that can be directly signed is proportional to the size of the keys, which is almost always much smaller than the amount of data an application may wish to sign.
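The hash-then-sign flow described above, as an added example that is not part of the original page: RSASSA-PKCS1-v1_5 with the EMSA-PKCS1-v1_5 encoding, written out from RFC 8017 using only the Python standard library. The choice of SHA-256, the function names and the key are assumptions; the key is constructed from two Mersenne primes purely so the example is deterministic, and it is not fit for real use.

```python
import hashlib

# Constructed demonstration key: two Mersenne primes. The special form makes it
# unfit for real use; it only gives a deterministic modulus with no key file.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141)

# DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5(message: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || DigestInfo(SHA-256(M))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def rsasp1(m: int) -> int:
    """Signature primitive: defined only for 0 <= m < n."""
    if not 0 <= m < N:
        raise ValueError("message representative out of range")
    return pow(m, D, N)


def sign(message: bytes) -> bytes:
    """Hash and encode the message, then apply the primitive to the encoding."""
    em = emsa_pkcs1_v1_5(message, K)
    return rsasp1(int.from_bytes(em, "big")).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    # Re-encode and compare whole blocks instead of parsing the padding.
    recovered = pow(s, E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v1_5(message, K)


def direct_sign_fits(message: bytes) -> bool:
    """True if the raw primitive could take the message without hashing."""
    return int.from_bytes(message, "big") < N
```

A 10,000-byte message is far outside the range the primitive accepts, yet `sign` handles it because only the fixed-size encoded hash ever reaches `rsasp1`.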
