Menu
I need to encrypt plain bytes with RSA public key using OaepSHA256 and MGF1 padding. So I figured that I can write following code (using .net framework 4.7):
var encryptionCert = new X509Certificate2(certBytes);
using (var rsaPublicKey = encryptionCert.GetRSAPublicKey()) // Get an instance of RSA derived class
{
var encryptedKeyBytes = rsaPublicKey.Encrypt(plainBytes, RSAEncryptionPadding.OaepSHA256);
}
I have no idea if MGF1 padding and Optimal Asymmetric Encryption Padding (OAEP) are related or not.
Here are my questions:
754
For example RSA Encryption padding is randomized, ensuring that the same message encrypted multiple times looks different each time. It also avoids other weaknesses, such as encrypting the same message using different RSA keys leaking the message, or an attacker creating messages derived from some other ciphertexts.
Informally, a hash-agnostic or hash-generic reduction suggests that RSA-OAEP is secure for any hash function, while a hash-specific reduction only suggests that RSA-OAEP is secure if instantiated with hash functions with a given security property.
When implemented with certain trapdoor permutations (e.g., RSA), OAEP is also proven to be secure against chosen ciphertext attack.
RSAES-OAEP is a public-key encryption scheme combining the RSA algorithm [39] with the. Optimal Asymmetric Encryption Padding (OAEP) method. The inventors of RSA are Ronald L. Rivest, Adi Shamir, and Leonard Adleman, while the inventors of OAEP are Mihir Bellare and Phillip Rogaway [4], with enhancements by Don B.
OAEP is padding scheme, which needs 2 hash functions with different properties to operate. One hash function should map arbitrary sized input to fixed size output. This type of hash functions are well known, SHA-256, MD5 and so on are all of this type. Specification allows different functions to be used for OAEP padding, such as SHA-256, SHA-1 and so on.
Another hash function should map arbitrary sized input to arbitrary sized output. Such hash function is called "mask generation function" (MGF). The related RFC defines only one such function, MGF1:
One mask generation function is given here: MGF1, which is based on a hash function.
...Future versions of this document may define other mask generation functions.
Because there is just one defined mask generation function, the .NET api does not allow you to choose it (nothing to choose from) and just always uses it (MGF1) when you use RSA with OAEP padding. But, it is possible to parameterize MGF1 with a hash. For example see the MGF1ParameterSpec class in Java SE. It seems the .NET API always uses a particular hash function, not clear if it is SHA-1 or SHA-256.
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
