**PUBENCIPHER**

**Parameter Descriptions:**

- ALGID:
- Specifies the encryption algorithm to be used:
- MODULUS_SIZE:
- Specifies the size of the key modulus in bytes.
- RCVR_PUBKEY:
- Specifies the address that points to the string
of bytes containing the public key of the intended recipient
of the enciphered message.
- PLEN:
- Specifies the length of the plaintext data in
bytes. For the RSA encryption algorithm, PLEN should be
no greater than MODULUS_SIZE.
- PT:
- Specifies the address that points to the string of
bytes containing the plaintext data. For the RSA encryption
algorithm, the binary value of PT must be less than the
binary value of the key modulus.
- CLEN:
- Specifies the length of the ciphertext in bytes.
For the RSA encryption algorithm, CLEN would be no greater
than MODULUS_SIZE.
- CT:
- Specifies the address that points to the string of
bytes containing the ciphertext. For the RSA encryption
algorithm, the binary value of CT would be less than the
binary value of the key modulus.
- STATUS:
- Specifies the address that points to the data
storage that will receive the result of processing the
service call.

This service call uses the encryption algorithm specified in
ALGID to encipher a message. Currently only the RSA algorithm
supports public-key encryption. The size of the key modulus is
specified in MODULUS_SIZE. The intended recipient's public key
(RCVR_PUBKEY) is used to encipher the plaintext message (PT)
of length PLEN. The resulting ciphertext (CT), its length
(CLEN), and the STATUS of the call are returned to the host.**PUBDECIPHER**

**Parameter Descriptions:**

- ALGID:
- Specifies the decryption algorithm to be used:
- MODULUS_SIZE:
- Specifies the size of the key modulus in bytes.
- RCVR_PRIKEYID:
- Specifies the address that points to the
character string containing the
identity of the message recipient's private key.
- CLEN:
- Specifies the length of the ciphertext in bytes. For the
RSA algorithm, CLEN should be no greater than
MODULUS_SIZE.
- CT:
- Specifies the address that points to the string of bytes
containing the ciphertext. For the RSA algorithm, the
binary value of CT should be less than the binary value of
the key modulus.
- PLEN:
- Specifies the length of the plaintext data in bytes. For
the RSA algorithm, PLEN would be no greater than
MODULUS_SIZE.
- PT:
- Specifies the address that points to the string of bytes
containing the plaintext data. For the RSA algorithm, the
binary value of PT would be less than the binary value of
the key modulus.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result
of processing the service call.

This service call uses the algorithm specified in ALGID to
decipher a message. Currently only the RSA algorithm supports
public-key decryption. The size of the key modulus is
specified in MODULUS_SIZE. The message recipient's private key
identified by RCVR_PRIKEYID is used to decipher the ciphertext
(CT) of length CLEN. The resulting plaintext (PT), its length
(PLEN), and the STATUS of the call are returned to the host.**SIGN**

**Parameter Descriptions:**

- ALGID:
- Specifies the algorithm used for enciphering:
- LEN:
- Specifies the length of the data in bytes
- DATA:
- Specifies the address that points to the string of bytes
containing the data to be processed
- MDID:
- Specifies the message digest algorithm used for
producing the message digest:
- PRIKEYID:
- Specifies the address that points to the character
string containing the
identity of the private key associated with the signer.
- SIGNLEN:
- Specifies the length of the signature in bytes
- SIGNATURE:
- Specifies the address that points to the string of
bytes containing the result
of applying the private key to the data.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result
of processing the service call.

This service call applies a message digest algorithm, specified by MDID, to the DATA of indicated LEN resulting in a message digest. Note that the DATA must be left justified (from the least significant byte to the most significant byte) and right padded with zeroes. The resulting message digest is used to compute a SIGNATURE, based on the ALGID specified, by applying the private key associated with PRIKEYID to the message digest.Note when a modulus is used, the message digest must be less than or equal to the modulus associated with the signature algorithm specified by ALGID. The service call returns the resulting SIGNATURE, SIGNLEN, and STATUS to the host.

NOTE1: Information such as USERID, CAID, and CASERIALNO could be in the data or sent separately in order to indicate the correct public key, PUBKEY, used to verify the signature.

NOTE2: When it is desired to compute the signature on the DATA
of indicated LEN without applying a hashing function, use
PUBDECIPHER.**VERIFYSIGNATURE**

**Parameter Descriptions:**

- ALGID:
- Specifies the algorithm used for enciphering:
- MDID:
- Specifies the message digest algorithm used for
producing the message digest:
- SIGNLEN:
- Specifies the length of the signature in bytes
- SIGNATURE:
- Specifies the address that points to the string of
bytes containing the result
of applying the private key to the data.
- CERTID:
- Specifies the address that points to the character
string containing the
identity of the certificate
- LEN:
- Specifies the length of the data in bytes
- DATA:
- Specifies the address that points to the string of bytes
containing the data to
be processed
- RESULT:
- Specifies the address that points to the data
storage that will receive the
result of the call, which is either 0 or 1
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.

Based on the ALGID specified, this service call verifies the SIGNATURE of indicated SIGNLEN by applying the public key obtained from the certificate associated with CERTID, to the SIGNATURE to reveal a Test Message Digest (TMD). It sets the correct RESULT to indicate if TMD is identical with the Message Digest (MD) computed by applying a message digest algorithm, specified by MDID, to the DATA of indicated LEN. Note when a modulus is used, the message digest must be less than or equal to the modulus of the signature algorithm, ALGID. The RESULT and STATUS are returned to the host.

NOTE: When it is desired to verify the signature on the DATA of indicated LEN without applying a hashing function, use PUBENCIPHER.

Fri Oct 7 16:17:21 EDT 1994