nRF5340 CC312 RSA 2048 psa_asymmetric_encrypt PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) Error Issue

You are trying to perform RSA encryption using CC312 on the nRF5340, but the function:

status = psa_asymmetric_encrypt(pub_key_handle,
                                PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
                                plainData,
                                plainDataLength,
                                NULL,  // Set label to NULL
                                0,     // Set label length to 0
                                encDataOut,
                                *encDataLen,
                                &outputLength);

returns -147 (PSA_ERROR_NOT_SUPPORTED) when CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y and CONFIG_PSA_CRYPTO_DRIVER_OBERON=n.

However, when CONFIG_PSA_CRYPTO_DRIVER_OBERON=y and CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n, the function works correctly.

board.conf

#
# Copyright (c) 2024 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
# Using Oberon software crypto
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n

# Mbedtls configuration
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=20480

prj.conf

#
# Copyright (c) 2024 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
CONFIG_MAIN_STACK_SIZE=20480
CONFIG_HEAP_MEM_POOL_SIZE=20480

# 로깅 Config 시작
CONFIG_LOG=y
CONFIG_USE_SEGGER_RTT=y
CONFIG_LOG_BACKEND_RTT=y
CONFIG_LOG_BACKEND_UART=n
CONFIG_LOG_BUFFER_SIZE=2048
CONFIG_LOG_PRINTK=n
CONFIG_LOG_MODE_DEFERRED=y
CONFIG_LOG_PROCESS_THREAD=y
# 로깅 Config 종료

# Config Clock Control 시작
CONFIG_SOC_ENABLE_LFXO=n

CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y

CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC_CALIBRATION=y

CONFIG_CLOCK_CONTROL_NRF_K32SRC_500PPM=y
# Config Clock Control 종료

# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_PSA_WANT_GENERATE_RANDOM=y

# CONFIG_PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER=y

CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE=y

CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y

# CONFIG_PSA_USE_CC3XX_ASYMMETRIC_ENCRYPTION_DRIVER=y
CONFIG_PSA_WANT_ALG_RSA_OAEP=y

# CONFIG_PSA_USE_CC3XX_HASH_DRIVER=y
CONFIG_PSA_WANT_ALG_SHA_256=y

# This samples source code explicitly uses an RSA key size of 4096
# CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=n
CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y

0 Einar Thorsrud 1 month ago

Hi,

Which SDK version are you using? Can you share more of your crypto related code (like key generation or key import) so that I can attempt to reproduce the same on my end?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 giun.kim 1 month ago in reply to Einar Thorsrud

Fullscreen 64627.main.c Download

/*
 * Copyright (c) 2021 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 */

#include <zephyr/kernel.h>
#include <zephyr/sys/printk.h>
#include <zephyr/logging/log.h>
#include <stdio.h>
#include <stdlib.h>
#include <psa/crypto.h>
#include <psa/crypto_extra.h>

#include "key.h"

#ifdef CONFIG_BUILD_WITH_TFM
#include <tfm_ns_interface.h>
#endif

#define APP_SUCCESS	    (0)
#define APP_ERROR	    (-1)
#define APP_SUCCESS_MESSAGE "Example finished successfully!"
#define APP_ERROR_MESSAGE   "Example exited with error!"

#define PRINT_HEX(p_label, p_text, len)                                                            \
	({                                                                                         \
		LOG_INF("---- %s (len: %u): ----", p_label, len);                                  \
		LOG_HEXDUMP_INF(p_text, len, "Content:");                                          \
		LOG_INF("---- %s end  ----", p_label);                                             \
	})

LOG_MODULE_REGISTER(rsa, LOG_LEVEL_DBG);

//### ADDED TO SAMPLE - START
uint8_t encrypted[294];

/* ====================================================================== */
/*				Global variables/defines for the RSA example			  */

// #ifndef CONFIG_PSA_WANT_RSA_KEY_SIZE_4096
// #error "This sample needs a key size of 4096"
// #endif

#define NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE       (100)
#define NRF_CRYPTO_EXAMPLE_RSA_PUBLIC_KEY_SIZE (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(2048))
#define NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE  (PSA_BITS_TO_BYTES(2048))

#define PSA_ALG_RSA_OAEP_EN 1
#define PSA_ALG_RSA_PKCS1V15_CRYPT_EN 0

uint8_t key[16]={0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F};

/* Below text is used as plaintext for signing using RSA . */
static char m_plain_text[NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE] = {
	"Example string to demonstrate basic usage of RSA."};

static char m_signature[NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE];
static char m_hash[32];

static psa_key_id_t keypair_handle;
static psa_key_id_t pub_key_handle;
/* ====================================================================== */

int crypto_init(void)
{
	psa_status_t status;

	/* Initialize PSA Crypto */
	status = psa_crypto_init();
	if (status != PSA_SUCCESS) {
		return APP_ERROR;
	}

	return APP_SUCCESS;
}

int import_rsa_pub_key(void)
{
    /* 기존 키가 있다면 삭제 */
    if (pub_key_handle != 0) {
        psa_destroy_key(pub_key_handle);
        pub_key_handle = 0;
    }

    /* Configure the key attributes */
    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_status_t status;

    /* ✅ PSA_KEY_USAGE_ENCRYPT 강제 적용 */
    psa_key_usage_t usage_flags = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT;
    psa_set_key_usage_flags(&key_attributes, usage_flags);
    psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);

#if PSA_ALG_RSA_PKCS1V15_CRYPT_EN
	psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
#endif
#if PSA_ALG_RSA_OAEP_EN
	psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256));
#endif

    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
    psa_set_key_bits(&key_attributes, 2048);

    LOG_INF("Public key length = %d", sizeof(public_key_der));

    status = psa_import_key(&key_attributes, public_key_der, sizeof(public_key_der), &pub_key_handle);
    if (status != PSA_SUCCESS) {
        LOG_INF("psa_import_key failed! (Error: %d)", status);
        return APP_ERROR;
    }

    return APP_SUCCESS;
}

bool rsaEncrypt(uint8_t *plainData, uint16_t plainDataLength, uint8_t *encDataOut, uint16_t *encDataLen)
{
	psa_status_t status;
	uint32_t outputLength = 0;
	psa_key_attributes_t key_attr;

	// RSA 키 속성 가져오기
	psa_get_key_attributes(pub_key_handle, &key_attr);
	size_t rsa_key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attr));

	// 디버깅 로그 추가
	LOG_INF("RSA Key Size (bytes): %d", rsa_key_size);
	LOG_INF("Encryption Buffer Size: %d", *encDataLen);

	// 키 크기 확인
	if (psa_get_key_bits(&key_attr) < 2048) {
		LOG_INF("RSA key size too small! Expected at least 2048 bits.");
		return PSA_ERROR_INVALID_ARGUMENT;
	}

#if PSA_ALG_RSA_OAEP_EN
	/* 🔍 키가 OAEP를 지원하는지 확인 */
	psa_algorithm_t key_alg = psa_get_key_algorithm(&key_attr);
	LOG_INF("Key Algorithm After Import: 0x%x", key_alg);

	if (key_alg != PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)) {
		LOG_INF("Error: Imported key does not support RSA_OAEP(SHA-256)");
		return PSA_ERROR_NOT_SUPPORTED;
	}


	// RSA-OAEP 최대 입력 데이터 크기 계산 (SHA-256 사용)
	size_t max_plaintext_size = rsa_key_size - (2 * 32) - 2;
	LOG_INF("Max Plaintext Size: %d, Provided Plaintext Size: %d", max_plaintext_size, plainDataLength);

	// 입력 크기 초과 확인
	if (plainDataLength > max_plaintext_size) {
		LOG_INF("Input data too large for RSA-OAEP!");
		return PSA_ERROR_INVALID_ARGUMENT;
	}
#endif

	// 키 타입 확인
	if (psa_get_key_type(&key_attr) != PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
		LOG_INF("Incorrect key type! Expected RSA public key.");
		return PSA_ERROR_INVALID_ARGUMENT;
	}

	// 키 사용 권한 확인
	psa_key_usage_t usage_flags = psa_get_key_usage_flags(&key_attr);
	if ((usage_flags & PSA_KEY_USAGE_ENCRYPT) == 0) {
		LOG_INF("Key does not have encryption usage flag!");
		return PSA_ERROR_NOT_PERMITTED;
	}

	LOG_INF("Key Type: 0x%x", psa_get_key_type(&key_attr));
	LOG_INF("Key Algorithm: 0x%x", psa_get_key_algorithm(&key_attr));
	LOG_INF("Key Usage Flags: 0x%x", psa_get_key_usage_flags(&key_attr));
	LOG_INF("Key Bits: %d", psa_get_key_bits(&key_attr));

#if PSA_ALG_RSA_OAEP_EN
	// Label 길이 문제 해결 → NULL 사용
	status = psa_asymmetric_encrypt(pub_key_handle,
					PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
					plainData,
					plainDataLength,
					NULL,  // Label을 NULL로 설정
					0,     // Label 길이를 0으로 설정
					encDataOut,
					*encDataLen,
					&outputLength);
#endif



#if PSA_ALG_RSA_PKCS1V15_CRYPT_EN

	// Label 길이 문제 해결 → NULL 사용
	status = psa_asymmetric_encrypt(pub_key_handle,
		PSA_ALG_RSA_PKCS1V15_CRYPT,
		plainData,
		plainDataLength,
		NULL,  // Label을 NULL로 설정
		0,     // Label 길이를 0으로 설정
		encDataOut,
		*encDataLen,
		&outputLength);
#endif

	if (status != PSA_SUCCESS) {
		LOG_INF("Encryption failed! Status: %d", status);
	} else {
		LOG_INF("Encryption successful! Output Length: %d", outputLength);
	}

	PRINT_HEX("Encrypted Data", encDataOut, *encDataLen);

	return status;
}


int testEncryption() {
    uint8_t encDataOut[256];  // 충분한 크기의 버퍼 할당
    uint16_t encDataLen = sizeof(encDataOut);  // 버퍼 크기를 설정

    int result = rsaEncrypt(key, sizeof(key), encDataOut, &encDataLen);
    if (!result) {
        LOG_INF("Encryption failed: %d\n", result);
        return APP_ERROR;
    }
	
    return APP_SUCCESS;
}

int crypto_finish(void)
{
	psa_status_t status;

	/* Destroy the key handle */
	status = psa_destroy_key(keypair_handle);
	if (status != PSA_SUCCESS) {
		LOG_INF("psa_destroy_key failed! (Error: %d)", status);
		return APP_ERROR;
	}

	status = psa_destroy_key(pub_key_handle);
	if (status != PSA_SUCCESS) {
		LOG_INF("psa_destroy_key failed! (Error: %d)", status);
		return APP_ERROR;
	}

	return APP_SUCCESS;
}

int main(void)
{
	int status;

	LOG_INF("Starting the RSA example...");

	status = crypto_init();
	if (status != APP_SUCCESS) {
		// LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}
	status = import_rsa_pub_key();
	if (status != APP_SUCCESS) {
		// LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	status = testEncryption();
	if (status != APP_SUCCESS) {
		// LOG_INF(APP_ERROR_MESSAGE);
		return APP_ERROR;
	}

	// k_msleep(1000); 

	// while (1)
	// {
	// 	for(int i = 0; i < 1; i++)
	// 	{
	// 		status = testEncryption();
	// 		if (status != APP_SUCCESS) {
	// 			LOG_INF(APP_ERROR_MESSAGE);
	// 			return APP_ERROR;
	// 		}
	// 	}

	// 	k_msleep(1000); 
	// }

	// status = crypto_finish();
	// if (status != APP_SUCCESS) {
	// 	LOG_INF(APP_ERROR_MESSAGE);
	// 	return APP_ERROR;
	// }

	return APP_SUCCESS;
}

The version in use is 2.8, and the executed main.c file has been uploaded.

0 Einar Thorsrud 1 month ago in reply to giun.kim

Hi,

Thanks. I see the same on my end. According to the documentation, RSA OAEP should be supported with CryptoCell as well, and I am checking internally to understand more about this.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 giun.kim 1 month ago in reply to Einar Thorsrud

I initially suspected that my custom board had an issue, but even when I ran the RSA example with a 2.8V supply on the nRF5340 DK board, setting the board target to cpuapp, the same issue occurred. Even when building with _ns, key import works, but encryption does not proceed.

My ultimate goal is to use the CC312 accelerator for RSA-2048 OAEP encryption and AES-CTR. I also suspect that cpuapp and cpuapp_ns are related to RSA encryption behavior.

I have already spent two days on this issue and would appreciate a quick resolution.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Einar Thorsrud 1 month ago in reply to giun.kim

Hi,

I origninally reproduced this issue by adding your code to the RSA sample, and that failes as you described. However, the reason is that the public key used in the sample is of the wrong size. with an updated 2048 bit public key (public_key_der) in nrf/samples/crypto/rsa/src/key.h, encyrption is successfull.

This is all the changes from the RSA sample in 2.9.1 (your changes except the fixed key size and UART instead of RTT logging):

Fullscreen rsa_sample_2.9.1.diff Download

diff --git a/samples/crypto/rsa/boards/nrf5340dk_nrf5340_cpuapp.conf b/samples/crypto/rsa/boards/nrf5340dk_nrf5340_cpuapp.conf
index bda352ac17..b27fd79c89 100644
--- a/samples/crypto/rsa/boards/nrf5340dk_nrf5340_cpuapp.conf
+++ b/samples/crypto/rsa/boards/nrf5340dk_nrf5340_cpuapp.conf
@@ -9,4 +9,4 @@ CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n
 
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
-CONFIG_MBEDTLS_HEAP_SIZE=16384
+CONFIG_MBEDTLS_HEAP_SIZE=20480
\ No newline at end of file
diff --git a/samples/crypto/rsa/prj.conf b/samples/crypto/rsa/prj.conf
index 8a4f9eec84..39ca509f6d 100644
--- a/samples/crypto/rsa/prj.conf
+++ b/samples/crypto/rsa/prj.conf
@@ -3,26 +3,47 @@
 #
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
-CONFIG_MAIN_STACK_SIZE=16384
-CONFIG_HEAP_MEM_POOL_SIZE=16384
+CONFIG_MAIN_STACK_SIZE=20480
+CONFIG_HEAP_MEM_POOL_SIZE=20480
 
 # Enable logging
 CONFIG_CONSOLE=y
 CONFIG_LOG=y
 CONFIG_LOG_MODE_IMMEDIATE=y
 
+# 로깅 Config 종료
+
+# Config Clock Control 시작
+CONFIG_SOC_ENABLE_LFXO=n
+
+CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y
+
+CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC_CALIBRATION=y
+
+CONFIG_CLOCK_CONTROL_NRF_K32SRC_500PPM=y
+# Config Clock Control 종료
+
 # Enable nordic security backend and PSA APIs
 CONFIG_NRF_SECURITY=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_WANT_GENERATE_RANDOM=y
+
+# CONFIG_PSA_USE_CC3XX_KEY_MANAGEMENT_DRIVER=y
 
 CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
 CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT=y
 CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT=y
 CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE=y
 CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE=y
+
 CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
 
+# CONFIG_PSA_USE_CC3XX_ASYMMETRIC_ENCRYPTION_DRIVER=y
+CONFIG_PSA_WANT_ALG_RSA_OAEP=y
+
+# CONFIG_PSA_USE_CC3XX_HASH_DRIVER=y
 CONFIG_PSA_WANT_ALG_SHA_256=y
 
 # This samples source code explicitly uses an RSA key size of 4096
-CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
+# CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=n
+CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y
diff --git a/samples/crypto/rsa/src/key.h b/samples/crypto/rsa/src/key.h
index 96b95b6a4a..5a8be3eae1 100644
--- a/samples/crypto/rsa/src/key.h
+++ b/samples/crypto/rsa/src/key.h
@@ -166,7 +166,7 @@ const unsigned char private_key_der[] = {
 	0xc5, 0xef, 0x9d, 0xe5, 0x7d, 0x40, 0xef, 0xe0, 0xe9, 0x07, 0x6c, 0x6f, 0xf6, 0xe9, 0x23,
 	0xb5, 0xf1, 0x85, 0x87, 0x5e, 0x9e, 0x5b, 0xae, 0x8d, 0x29, 0x8d, 0xf6, 0x17, 0x83, 0x91,
 	0x16, 0x12, 0xcb, 0x6b, 0x6c, 0x13, 0x12, 0xda};
-
+#if 0
 const unsigned char public_key_der[] = {
 	0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
 	0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
@@ -205,3 +205,25 @@ const unsigned char public_key_der[] = {
 	0x01, 0x67, 0xce, 0x97, 0x61, 0xf4, 0xff, 0x64, 0x4a, 0xf0, 0x1a, 0xf7, 0x14, 0xf9, 0x71,
 	0x97, 0xc6, 0x07, 0x91, 0xe9, 0xbd, 0xf0, 0xa0, 0x3c, 0xc3, 0x7b, 0x91, 0xb0, 0x36, 0x10,
 	0x3a, 0xc9, 0x65, 0x97, 0x17, 0x02, 0x03, 0x01, 0x00, 0x01};
+#else
+const unsigned char public_key_der[] = {
+	0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa2, 0xb4, 0x51, 0xa0, 0x7d, 0x0a,
+	0xa5, 0xf9, 0x6e, 0x45, 0x56, 0x71, 0x51, 0x35, 0x50, 0x51, 0x4a, 0x8a, 0x5b, 0x46, 0x2e,
+	0xbe, 0xf7, 0x17, 0x09, 0x4f, 0xa1, 0xfe, 0xe8, 0x22, 0x24, 0xe6, 0x37, 0xf9, 0x74, 0x6d,
+	0x3f, 0x7c, 0xaf, 0xd3, 0x18, 0x78, 0xd8, 0x03, 0x25, 0xb6, 0xef, 0x5a, 0x17, 0x00, 0xf6,
+	0x59, 0x03, 0xb4, 0x69, 0x42, 0x9e, 0x89, 0xd6, 0xea, 0xc8, 0x84, 0x50, 0x97, 0xb5, 0xab,
+	0x39, 0x31, 0x89, 0xdb, 0x92, 0x51, 0x2e, 0xd8, 0xa7, 0x71, 0x1a, 0x12, 0x53, 0xfa, 0xcd,
+	0x20, 0xf7, 0x9c, 0x15, 0xe8, 0x24, 0x7f, 0x3d, 0x3e, 0x42, 0xe4, 0x6e, 0x48, 0xc9, 0x8e,
+	0x25, 0x4a, 0x2f, 0xe9, 0x76, 0x53, 0x13, 0xa0, 0x3e, 0xff, 0x8f, 0x17, 0xe1, 0xa0, 0x29,
+	0x39, 0x7a, 0x1f, 0xa2, 0x6a, 0x8d, 0xce, 0x26, 0xf4, 0x90, 0xed, 0x81, 0x29, 0x96, 0x15,
+	0xd9, 0x81, 0x4c, 0x22, 0xda, 0x61, 0x04, 0x28, 0xe0, 0x9c, 0x7d, 0x96, 0x58, 0x59, 0x42,
+	0x66, 0xf5, 0xc0, 0x21, 0xd0, 0xfc, 0xec, 0xa0, 0x8d, 0x94, 0x5a, 0x12, 0xbe, 0x82, 0xde,
+	0x4d, 0x1e, 0xce, 0x6b, 0x4c, 0x03, 0x14, 0x5b, 0x5d, 0x34, 0x95, 0xd4, 0xed, 0x54, 0x11,
+	0xeb, 0x87, 0x8d, 0xaf, 0x05, 0xfd, 0x7a, 0xfc, 0x3e, 0x09, 0xad, 0xa0, 0xf1, 0x12, 0x64,
+	0x22, 0xf5, 0x90, 0x97, 0x5a, 0x19, 0x69, 0x81, 0x6f, 0x48, 0x69, 0x8b, 0xcb, 0xba, 0x1b,
+	0x4d, 0x9c, 0xae, 0x79, 0xd4, 0x60, 0xd8, 0xf9, 0xf8, 0x5e, 0x79, 0x75, 0x00, 0x5d, 0x9b,
+	0xc2, 0x2c, 0x4e, 0x5a, 0xc0, 0xf7, 0xc1, 0xa4, 0x5d, 0x12, 0x56, 0x9a, 0x62, 0x80, 0x7d,
+	0x3b, 0x9a, 0x02, 0xe5, 0xa5, 0x30, 0xe7, 0x73, 0x06, 0x6f, 0x45, 0x3d, 0x1f, 0x5b, 0x4c,
+	0x2e, 0x9c, 0xf7, 0x82, 0x02, 0x83, 0xf7, 0x42, 0xb9, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01
+       };
+#endif
\ No newline at end of file
diff --git a/samples/crypto/rsa/src/main.c b/samples/crypto/rsa/src/main.c
index 3fca48fe52..23b0e2316b 100644
--- a/samples/crypto/rsa/src/main.c
+++ b/samples/crypto/rsa/src/main.c
@@ -4,244 +4,293 @@
  * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
  */
 
-#include <zephyr/kernel.h>
-#include <zephyr/sys/printk.h>
-#include <zephyr/logging/log.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <psa/crypto.h>
-#include <psa/crypto_extra.h>
-
-#include "key.h"
-
-#ifdef CONFIG_BUILD_WITH_TFM
-#include <tfm_ns_interface.h>
-#endif
-
-#define APP_SUCCESS	    (0)
-#define APP_ERROR	    (-1)
-#define APP_SUCCESS_MESSAGE "Example finished successfully!"
-#define APP_ERROR_MESSAGE   "Example exited with error!"
-
-#define PRINT_HEX(p_label, p_text, len)                                                            \
-	({                                                                                         \
-		LOG_INF("---- %s (len: %u): ----", p_label, len);                                  \
-		LOG_HEXDUMP_INF(p_text, len, "Content:");                                          \
-		LOG_INF("---- %s end  ----", p_label);                                             \
-	})
-
-LOG_MODULE_REGISTER(rsa, LOG_LEVEL_DBG);
-
-/* ====================================================================== */
-/*				Global variables/defines for the RSA example			  */
-
-#ifndef CONFIG_PSA_WANT_RSA_KEY_SIZE_4096
-#error "This sample needs a key size of 4096"
-#endif
-
-#define NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE       (100)
-#define NRF_CRYPTO_EXAMPLE_RSA_PUBLIC_KEY_SIZE (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(4096))
-#define NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE  (PSA_BITS_TO_BYTES(4096))
-
-/* Below text is used as plaintext for signing using RSA . */
-static char m_plain_text[NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE] = {
-	"Example string to demonstrate basic usage of RSA."};
-
-static char m_signature[NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE];
-static char m_hash[32];
-
-static psa_key_id_t keypair_handle;
-static psa_key_id_t pub_key_handle;
-/* ====================================================================== */
-
-int crypto_init(void)
-{
-	psa_status_t status;
-
-	/* Initialize PSA Crypto */
-	status = psa_crypto_init();
-	if (status != PSA_SUCCESS) {
-		return APP_ERROR;
-	}
-
-	return APP_SUCCESS;
-}
-
-int crypto_finish(void)
-{
-	psa_status_t status;
-
-	/* Destroy the key handle */
-	status = psa_destroy_key(keypair_handle);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_destroy_key failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	status = psa_destroy_key(pub_key_handle);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_destroy_key failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	return APP_SUCCESS;
-}
-
-int import_rsa_keypair(void)
-{
-	psa_status_t status;
-
-	LOG_INF("Importing RSA keypair...");
-
-	/* Configure the key attributes */
-	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
-
-	/* Configure the key attributes */
-	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_SIGN_HASH);
-	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
-	psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256));
-	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-	psa_set_key_bits(&key_attributes, 4096);
-
-	/* Generate a random keypair. The keypair is not exposed to the application,
-	 * we can use it to signing/verification the key handle.
-	 */
-	status = psa_import_key(&key_attributes, private_key_der, sizeof(private_key_der),
-				&keypair_handle);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_import_key failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	/* After the key handle is acquired the attributes are not needed */
-	psa_reset_key_attributes(&key_attributes);
-
-	LOG_INF("RSA private key imported successfully!");
-
-	return APP_SUCCESS;
-}
-
-int import_rsa_pub_key(void)
-{
-	/* Configure the key attributes */
-	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
-	psa_status_t status;
-
-	/* Configure the key attributes */
-	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
-	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
-	psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256));
-	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
-	psa_set_key_bits(&key_attributes, 4096);
-
-	status = psa_import_key(&key_attributes, public_key_der, sizeof(public_key_der),
-				&pub_key_handle);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_import_key failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	/* After the key handle is acquired the attributes are not needed */
-	psa_reset_key_attributes(&key_attributes);
-
-	LOG_INF("RSA public key imported successfully!");
-
-	return APP_SUCCESS;
-}
-
-int sign_message_rsa(void)
-{
-	uint32_t olen;
-	psa_status_t status;
-
-	LOG_INF("Signing a message using RSA...");
-
-	/* Compute the SHA256 hash */
-	status = psa_hash_compute(PSA_ALG_SHA_256, m_plain_text, sizeof(m_plain_text), m_hash,
-				  sizeof(m_hash), &olen);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_hash_compute failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	/* Sign the hash using RSA */
-	status = psa_sign_hash(keypair_handle, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), m_hash,
-			       sizeof(m_hash), m_signature, sizeof(m_signature), &olen);
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_sign_hash failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	LOG_INF("Signing was successful!");
-	PRINT_HEX("Plaintext", m_plain_text, sizeof(m_plain_text));
-	PRINT_HEX("SHA256 hash", m_hash, sizeof(m_hash));
-	PRINT_HEX("Signature", m_signature, sizeof(m_signature));
-
-	return APP_SUCCESS;
-}
-
-int verify_message_rsa(void)
-{
-	psa_status_t status;
-
-	LOG_INF("Verifying RSA signature...");
-
-	/* Verify the hash */
-	status = psa_verify_hash(pub_key_handle, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), m_hash,
-				 sizeof(m_hash), m_signature, sizeof(m_signature));
-	if (status != PSA_SUCCESS) {
-		LOG_INF("psa_verify_hash failed! (Error: %d)", status);
-		return APP_ERROR;
-	}
-
-	LOG_INF("Signature verification was successful!");
-
-	return APP_SUCCESS;
-}
-
-int main(void)
-{
-	int status;
-
-	LOG_INF("Starting the RSA example...");
-
-	status = crypto_init();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	status = import_rsa_keypair();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	status = import_rsa_pub_key();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	status = sign_message_rsa();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	status = verify_message_rsa();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	status = crypto_finish();
-	if (status != APP_SUCCESS) {
-		LOG_INF(APP_ERROR_MESSAGE);
-		return APP_ERROR;
-	}
-
-	LOG_INF(APP_SUCCESS_MESSAGE);
-
-	return APP_SUCCESS;
-}
+ #include <zephyr/kernel.h>
+ #include <zephyr/sys/printk.h>
+ #include <zephyr/logging/log.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <psa/crypto.h>
+ #include <psa/crypto_extra.h>
+ 
+ #include "key.h"
+ 
+ #ifdef CONFIG_BUILD_WITH_TFM
+ #include <tfm_ns_interface.h>
+ #endif
+ 
+ #define APP_SUCCESS	    (0)
+ #define APP_ERROR	    (-1)
+ #define APP_SUCCESS_MESSAGE "Example finished successfully!"
+ #define APP_ERROR_MESSAGE   "Example exited with error!"
+ 
+ #define PRINT_HEX(p_label, p_text, len)                                                            \
+	 ({                                                                                         \
+		 LOG_INF("---- %s (len: %u): ----", p_label, len);                                  \
+		 LOG_HEXDUMP_INF(p_text, len, "Content:");                                          \
+		 LOG_INF("---- %s end  ----", p_label);                                             \
+	 })
+ 
+ LOG_MODULE_REGISTER(rsa, LOG_LEVEL_DBG);
+ 
+ //### ADDED TO SAMPLE - START
+ uint8_t encrypted[294];
+ 
+ /* ====================================================================== */
+ /*				Global variables/defines for the RSA example			  */
+ 
+ // #ifndef CONFIG_PSA_WANT_RSA_KEY_SIZE_4096
+ // #error "This sample needs a key size of 4096"
+ // #endif
+ 
+ #define NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE       (100)
+ #define NRF_CRYPTO_EXAMPLE_RSA_PUBLIC_KEY_SIZE (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(2048))
+ #define NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE  (PSA_BITS_TO_BYTES(2048))
+ 
+ #define PSA_ALG_RSA_OAEP_EN 1
+ #define PSA_ALG_RSA_PKCS1V15_CRYPT_EN 0
+ 
+ uint8_t key[16]={0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F};
+ 
+ /* Below text is used as plaintext for signing using RSA . */
+ static char m_plain_text[NRF_CRYPTO_EXAMPLE_RSA_TEXT_SIZE] = {
+	 "Example string to demonstrate basic usage of RSA."};
+ 
+ static char m_signature[NRF_CRYPTO_EXAMPLE_RSA_SIGNATURE_SIZE];
+ static char m_hash[32];
+ 
+ static psa_key_id_t keypair_handle;
+ static psa_key_id_t pub_key_handle;
+ /* ====================================================================== */
+ 
+ int crypto_init(void)
+ {
+	 psa_status_t status;
+ 
+	 /* Initialize PSA Crypto */
+	 status = psa_crypto_init();
+	 if (status != PSA_SUCCESS) {
+		 return APP_ERROR;
+	 }
+ 
+	 return APP_SUCCESS;
+ }
+ 
+ int import_rsa_pub_key(void)
+ {
+     /* 기존 키가 있다면 삭제 */
+     if (pub_key_handle != 0) {
+	 psa_destroy_key(pub_key_handle);
+	 pub_key_handle = 0;
+     }
+ 
+     /* Configure the key attributes */
+     psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+     psa_status_t status;
+ 
+     /* ✅ PSA_KEY_USAGE_ENCRYPT 강제 적용 */
+     psa_key_usage_t usage_flags = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT;
+     psa_set_key_usage_flags(&key_attributes, usage_flags);
+     psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
+ 
+ #if PSA_ALG_RSA_PKCS1V15_CRYPT_EN
+	 psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ #endif
+ #if PSA_ALG_RSA_OAEP_EN
+	 psa_set_key_algorithm(&key_attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256));
+ #endif
+ 
+     psa_set_key_type(&key_attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
+     psa_set_key_bits(&key_attributes, 2048);
+ 
+     LOG_INF("Public key length = %d", sizeof(public_key_der));
+ 
+     status = psa_import_key(&key_attributes, public_key_der, sizeof(public_key_der), &pub_key_handle);
+     if (status != PSA_SUCCESS) {
+	 LOG_INF("psa_import_key failed! (Error: %d)", status);
+	 return APP_ERROR;
+     }
+ 
+     return APP_SUCCESS;
+ }
+ 
+ bool rsaEncrypt(uint8_t *plainData, uint16_t plainDataLength, uint8_t *encDataOut, uint16_t *encDataLen)
+ {
+	 psa_status_t status;
+	 uint32_t outputLength = 0;
+	 psa_key_attributes_t key_attr;
+ 
+	 // RSA 키 속성 가져오기
+	 psa_get_key_attributes(pub_key_handle, &key_attr);
+	 size_t rsa_key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attr));
+ 
+	 // 디버깅 로그 추가
+	 LOG_INF("RSA Key Size (bytes): %d", rsa_key_size);
+	 LOG_INF("Encryption Buffer Size: %d", *encDataLen);
+ 
+	 // 키 크기 확인
+	 if (psa_get_key_bits(&key_attr) < 2048) {
+		 LOG_INF("RSA key size too small! Expected at least 2048 bits.");
+		 return PSA_ERROR_INVALID_ARGUMENT;
+	 }
+ 
+ #if PSA_ALG_RSA_OAEP_EN
+	 /* 🔍 키가 OAEP를 지원하는지 확인 */
+	 psa_algorithm_t key_alg = psa_get_key_algorithm(&key_attr);
+	 LOG_INF("Key Algorithm After Import: 0x%x", key_alg);
+ 
+	 if (key_alg != PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)) {
+		 LOG_INF("Error: Imported key does not support RSA_OAEP(SHA-256)");
+		 return PSA_ERROR_NOT_SUPPORTED;
+	 }
+ 
+ 
+	 // RSA-OAEP 최대 입력 데이터 크기 계산 (SHA-256 사용)
+	 size_t max_plaintext_size = rsa_key_size - (2 * 32) - 2;
+	 LOG_INF("Max Plaintext Size: %d, Provided Plaintext Size: %d", max_plaintext_size, plainDataLength);
+ 
+	 // 입력 크기 초과 확인
+	 if (plainDataLength > max_plaintext_size) {
+		 LOG_INF("Input data too large for RSA-OAEP!");
+		 return PSA_ERROR_INVALID_ARGUMENT;
+	 }
+ #endif
+ 
+	 // 키 타입 확인
+	 if (psa_get_key_type(&key_attr) != PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
+		 LOG_INF("Incorrect key type! Expected RSA public key.");
+		 return PSA_ERROR_INVALID_ARGUMENT;
+	 }
+ 
+	 // 키 사용 권한 확인
+	 psa_key_usage_t usage_flags = psa_get_key_usage_flags(&key_attr);
+	 if ((usage_flags & PSA_KEY_USAGE_ENCRYPT) == 0) {
+		 LOG_INF("Key does not have encryption usage flag!");
+		 return PSA_ERROR_NOT_PERMITTED;
+	 }
+ 
+	 LOG_INF("Key Type: 0x%x", psa_get_key_type(&key_attr));
+	 LOG_INF("Key Algorithm: 0x%x", psa_get_key_algorithm(&key_attr));
+	 LOG_INF("Key Usage Flags: 0x%x", psa_get_key_usage_flags(&key_attr));
+	 LOG_INF("Key Bits: %d", psa_get_key_bits(&key_attr));
+ 
+ #if PSA_ALG_RSA_OAEP_EN
+	 // Label 길이 문제 해결 → NULL 사용
+	 status = psa_asymmetric_encrypt(pub_key_handle,
+					 PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256),
+					 plainData,
+					 plainDataLength,
+					 NULL,  // Label을 NULL로 설정
+					 0,     // Label 길이를 0으로 설정
+					 encDataOut,
+					 *encDataLen,
+					 &outputLength);
+ #endif
+ 
+ 
+ 
+ #if PSA_ALG_RSA_PKCS1V15_CRYPT_EN
+ 
+	 // Label 길이 문제 해결 → NULL 사용
+	 status = psa_asymmetric_encrypt(pub_key_handle,
+		 PSA_ALG_RSA_PKCS1V15_CRYPT,
+		 plainData,
+		 plainDataLength,
+		 NULL,  // Label을 NULL로 설정
+		 0,     // Label 길이를 0으로 설정
+		 encDataOut,
+		 *encDataLen,
+		 &outputLength);
+ #endif
+ 
+	 if (status != PSA_SUCCESS) {
+		 LOG_INF("Encryption failed! Status: %d", status);
+	 } else {
+		 LOG_INF("Encryption successful! Output Length: %d", outputLength);
+	 }
+ 
+	 PRINT_HEX("Encrypted Data", encDataOut, *encDataLen);
+ 
+	 return status;
+ }
+ 
+ 
+ int testEncryption() {
+     uint8_t encDataOut[256];  // 충분한 크기의 버퍼 할당
+     uint16_t encDataLen = sizeof(encDataOut);  // 버퍼 크기를 설정
+ 
+     int result = rsaEncrypt(key, sizeof(key), encDataOut, &encDataLen);
+     if (!result) {
+	 LOG_INF("Encryption failed: %d\n", result);
+	 return APP_ERROR;
+     }
+	 
+     return APP_SUCCESS;
+ }
+ 
+ int crypto_finish(void)
+ {
+	 psa_status_t status;
+ 
+	 /* Destroy the key handle */
+	 status = psa_destroy_key(keypair_handle);
+	 if (status != PSA_SUCCESS) {
+		 LOG_INF("psa_destroy_key failed! (Error: %d)", status);
+		 return APP_ERROR;
+	 }
+ 
+	 status = psa_destroy_key(pub_key_handle);
+	 if (status != PSA_SUCCESS) {
+		 LOG_INF("psa_destroy_key failed! (Error: %d)", status);
+		 return APP_ERROR;
+	 }
+ 
+	 return APP_SUCCESS;
+ }
+ 
+ int main(void)
+ {
+	 int status;
+ 
+	 LOG_INF("Starting the RSA example...");
+ 
+	 status = crypto_init();
+	 if (status != APP_SUCCESS) {
+		 // LOG_INF(APP_ERROR_MESSAGE);
+		 return APP_ERROR;
+	 }
+	 status = import_rsa_pub_key();
+	 if (status != APP_SUCCESS) {
+		 // LOG_INF(APP_ERROR_MESSAGE);
+		 return APP_ERROR;
+	 }
+ 
+	 status = testEncryption();
+	 if (status != APP_SUCCESS) {
+		 // LOG_INF(APP_ERROR_MESSAGE);
+		 return APP_ERROR;
+	 }
+ 
+	 // k_msleep(1000); 
+ 
+	 // while (1)
+	 // {
+	 // 	for(int i = 0; i < 1; i++)
+	 // 	{
+	 // 		status = testEncryption();
+	 // 		if (status != APP_SUCCESS) {
+	 // 			LOG_INF(APP_ERROR_MESSAGE);
+	 // 			return APP_ERROR;
+	 // 		}
+	 // 	}
+ 
+	 // 	k_msleep(1000); 
+	 // }
+ 
+	 // status = crypto_finish();
+	 // if (status != APP_SUCCESS) {
+	 // 	LOG_INF(APP_ERROR_MESSAGE);
+	 // 	return APP_ERROR;
+	 // }
+ 
+	 return APP_SUCCESS;
+ }
\ No newline at end of file

And the resulting output, so this works as expected:

*** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
*** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
[00:00:00.010,833] <inf> rsa: Starting the RSA example...
[00:00:00.016,693] <inf> rsa: Public key length = 270
[00:00:00.022,247] <inf> rsa: RSA Key Size (bytes): 256
[00:00:00.027,832] <inf> rsa: Encryption Buffer Size: 256
[00:00:00.033,691] <inf> rsa: Key Algorithm After Import: 0x7000309
[00:00:00.040,496] <inf> rsa: Max Plaintext Size: 190, Provided Plaintext Size: 16
[00:00:00.048,614] <inf> rsa: Key Type: 0x4001
[00:00:00.053,558] <inf> rsa: Key Algorithm: 0x7000309
[00:00:00.059,204] <inf> rsa: Key Usage Flags: 0x901
[00:00:00.064,666] <inf> rsa: Key Bits: 2048
[00:00:00.084,442] <inf> rsa: Encryption successful! Output Length: 256
[00:00:00.091,522] <inf> rsa: ---- Encrypted Data (len: 256): ----
[00:00:00.098,236] <inf> rsa: Content:
                              7d 51 9e 06 22 e6 11 28  92 c1 f8 d6 5e 39 13 03 |}Q.."..( ....^9..
                              38 3b 5b 7a fe 14 c9 5c  d0 33 3b 52 1b a6 73 f4 |8;[z...\ .3;R..s.
                              32 8a 96 d8 56 0f 03 43  98 d8 5e 71 22 19 d5 f5 |2...V..C ..^q"...
                              6f 06 55 98 96 0d 49 ed  82 73 0d db 32 8f b0 75 |o.U...I. .s..2..u
                              0f 55 24 91 29 5e a6 40  8b 7a 4d 41 78 43 05 64 |.U$.)^.@ .zMAxC.d
                              9e 0f 3c 7c 6d 34 b2 f2  6f bb c6 e9 2f 48 0e 7d |..<|m4.. o.../H.}
                              38 e2 0c 76 1f 40 50 d2  b1 0a 46 18 ee 42 9d ef |8..v.@P. ..F..B..
                              5b be 3c 82 3f 4b bf e4  e3 57 b0 0d 1f ff 7c 10 |[.<.?K.. .W....|.
                              97 d7 3c 92 4a 49 33 03  71 90 d6 69 f6 cb 06 fe |..<.JI3. q..i....
                              18 f2 11 3c aa 1f e4 08  3f ab cd 7c 89 f1 e5 77 |...<.... ?..|...w
                              47 fc a0 8a 09 1a 91 6d  cd 12 7d 5a 4c 2a a0 4a |G......m ..}ZL*.J
                              3a 89 e7 fb 57 f1 df 65  ec 9a 8c 9b e1 28 ec 9a |:...W..e .....(..
                              61 dd 3e d7 a8 82 49 5d  c3 87 c8 9b d2 0a cc 54 |a.>...I] .......T
                              f6 2e 26 51 c7 0d 7b 55  a1 7d 82 55 43 ec e5 95 |..&Q..{U .}.UC...
                              ca 15 96 2c c3 6e 6c da  0f e5 d7 00 c2 aa 8b bb |...,.nl. ........
                              27 bc 50 9c 33 8f 66 01  e6 02 fc 99 23 9c 95 24 |'.P.3.f. ....#..$
[00:00:00.242,279] <inf> rsa: ---- Encrypted Data end  ----
[00:00:00.248,352] <inf> rsa: Encryption failed: 0

(You print an error message here when rsaEncrypt returns 0, but this is incorrect)