#### 3.6.2 RSA

- [det]
**rsa_sign**(`+Key, +Data, -Signature, +Options`) - Create an RSA signature for
`Data`with private key`Key`.`Options`:**type**(`+Type`)- SHA algorithm used to compute the digest. Values are
`sha1`

,`sha224`

,`sha256`

,`sha384`

or`sha512`

. The default is a cryptographically secure algorithm. If you specify a variable, then it is unified with the algorithm that was used. **encoding**(`+Encoding`)`Encoding`to use for`Data`. Default is`hex`

. Alternatives are`octet`

,`utf8`

and`text`

.

This predicate can be used to compute a

`sha256WithRSAEncryption`

signature as follows:sha256_with_rsa(PemKeyFile, Password, Data, Signature) :- Algorithm = sha256, read_key(PemKeyFile, Password, Key), crypto_data_hash(Data, Hash, [algorithm(Algorithm), encoding(octet)]), rsa_sign(Key, Hash, Signature, [type(Algorithm)]). read_key(File, Password, Key) :- setup_call_cleanup( open(File, read, In, [type(binary)]), load_private_key(In, Password, Key), close(In)).

Note that a hash that is computed by crypto_data_hash/3 can be directly used in rsa_sign/4 as well as ecdsa_sign/4.

- [semidet]
**rsa_verify**(`+Key, +Data, +Signature, +Options`) - Verify an RSA signature for
`Data`with public key`Key`.`Options`:**type**(`+Type`)- SHA algorithm used to compute the digest. Values are
`sha1`

,`sha224`

,`sha256`

,`sha384`

or`sha512`

. The default is the same as for rsa_sign/4. This option must match the algorithm that was used for signing. When operating with different parties, the used algorithm must be communicated over an authenticated channel. **encoding**(`+Encoding`)`Encoding`to use for`Data`. Default is`hex`

. Alternatives are`octet`

,`utf8`

and`text`

.