Root > Reference > All Functions > RSADecrypt

Procedure RSADecrypt

 		Previous pageReturn to chapter overviewNext page   

Decrypts encrypted data by using RSA cipher.

 

Unit

EEncrypt

 

Syntax

 

Code (Delphi)

procedure RSADecrypt(

const AKey: TRSAKey;

const AEncryptedData: Pointer;

out AData: Pointer;

var ADataSize: Cardinal

); overload;

 

function RSADecrypt(

const AKey: TRSAKey;

const AEncryptedData: RawByteString

): RawByteString; overload;

 

procedure RSADecrypt(

const AKey: TRSAKey;

var AInPlaceData: TEncryptBuffer

); overload;

 

Parameters

AKey [in]

A key for decryption. Comes from RSAGenKey function or RSALoadPrivateKey function. A private key will be used.

 

AEncryptedData [in]

A data to decrypt. Must be in little-endian format.

 

AData [out]

A decrypted AEncryptedData's "clear text" data. Must be deleted with FreeMem function (but we recommend to use SecureFree function instead). Will have different size from AData.

 

ADataSize [in]

On input: size of AEncryptedData.

On output: size of AData.

 

AEncryptedData [in]

Encrypted data (in string form) to decrypt. Must be in little-endian format.

 

AInPlaceData [in, out]

On input: encrypted buffer to decrypt. Must be in little-endian format.

On output: "clear text" buffer (same size).

 

Return value

Decrypted "clear text" data.

 

Remarks

This function decrypts data previosly encrypted with RSAEncrypt function with private key of asymmetric RSA cipher. The encrypted data is passed in AEncryptedData parameter. The function outputs decrypted data back to AData parameter. AData expected to have different size from AEncryptedData. In other words, asymmetric decryption with RSA does change the size of the data.

 

The overload variant with RawByteString decrypts AEncryptedData parameter and outputs decrypted data as function's result.

 

The overload variant with AInPlaceData decrypts data "in place".

 

Important!

Asymmetric chipers are slow. Therefore, they are not designed to encrypt/decrypt large amount of data. The usual approach is to use asymmetric chiper to encrypt/decrypt another key - a key for some symmetric cipher, and then use (fast) symmetric cipher to encrypt/decrypt large amounts of data.

 

Tip

You always use public key for encryption and private key for decryption with asymmetric cipher - and not the other way around. You should use digital signing and verification for reversed order. I.e. you sign data by using your private key and verify signature by using your public key.

 

Examples

 

Code (Delphi)

// This example decrypts file encrypted in code example for RSAEncrypt

// The source file contains encrypted (random) symmetric key in

// the beginning of the file, followed by encrypted data.

var

// (Random) symmetric key to decrypt file

TEAKey: TTEAKey;

// Asymmetric key to encrypt symmetric key

RSAKey: TRSAKey;

// Encrypted symmetric key

EncryptedKey: TEncryptBuffer;

// File/data to decrypt

Data: TMemoryStream;

// Wrapper for "in place" decryption

DataToDecrypt: TEncryptBuffer;

// Stream to read encrypted data

FS: TFileStream;

begin

FS := TFileStream.Create('C:\Test\Text.bin', fmOpenRead or fmShareDenyWrite);

try

 

try

// First, read encrypted (random) symmetric key from source

FS.ReadBuffer(EncryptedKey.cbData, SizeOf(EncryptedKey.cbData));

EncryptedKey.pbData := AllocMem(EncryptedKey.cbData);

try

 FS.ReadBuffer(EncryptedKey.pbData^, EncryptedKey.cbData);

 

 // Decrypt symmetric key with asymmetric (private) key

 RSAKey := RSALoadPrivateKey('C:\Private.pem', rsText, 'Private key password (if any set)');

 try

 EEncrypt.RSADecrypt(RSAKey, EncryptedKey);

 finally

 RSADestroyKey(RSAKey);

 end;

 

 // Copy unencrypted buffer into actual key

 Assert(EncryptedKey.cbData = SizeOf(TEAKey));

 Move(EncryptedKey.pbData^, TEAKey, SizeOf(TEAKey));

 

finally

 SecureFree(EncryptedKey);

end;

 

// Now we have symmetric key to decrypt actual file's content (data)

 

Data := TMemoryStream.Create;

try

 // The rest of the file is the actual data to decrypt

 Data.CopyFrom(FS, FS.Size - FS.Position);

 

 // Decrypt Data in place

 DataToDecrypt.pbData := Data.Memory;

 DataToDecrypt.cbData := Data.Size;

 

 // This does not alter Data.Memory and Data.Size

 // It simply changes content of Data.Memory^

 TEADecrypt(TEAKey, DataToDecrypt);

 

 // Symmetric key is no longer needed

 TEADestroyKey(TEAKey); // - same as SecureFree(TEAKey);

 

 // File/data is decrypted - save final result into file

 Data.SaveToFile('C:\Text.txt');

finally

 SecureFree(Data);

end;

 

finally

TEADestroyKey(TEAKey); // - same as SecureFree(TEAKey);

end;

finally

FreeAndNil(FS);

end;

end;

 

See also



Send feedback... Build date: 2025-07-19
Last edited: 2025-07-19
PRIVACY STATEMENT
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: https://www.eurekalog.com/help/eurekalog/topic_function_eencrypt_rsadecrypt.php