Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

RSA/ECB/OAEPWithSHA-256AndMGF1Padding but with MGF1 using SHA-256?

Tags:

java

cryptography

I found the hard way that in Oracle's Java standard crypto provider

Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");

uses MFG1 instanciated with SHA-1; SHA-256 is only used to hash the label (in practice empty). The only solution that I found to actually use SHA-256 in MFG1 (helped by that answer and comment) was using an alternate form of Cipher.init:

cipher.init(Cipher.DECRYPT_MODE, privKey, new OAEPParameterSpec(
    "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT
));

Question: is there a transformation that Cipher.getInstance will recognize, with effect similar to "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", except with MGF1 using SHA-256?

like image 757
fgrieu Avatar asked Nov 06 '15 18:11

fgrieu

People also ask

What is ECB RSA?

ECB is a block cipher mode of operation. RSA is a public key encryption scheme, not a block cipher. Generally, it doesn't make sense to encrypt long messages directly with RSA.

Is RSA Oaep secure?

When implemented with certain trapdoor permutations (e.g., RSA), OAEP is also proven to be secure against chosen ciphertext attack. OAEP can be used to build an all-or-nothing transform.

What is RSA ECB pkcs1padding?

Data encryption/decryption is one of the main security method commonly used in payment gateways. It gets encrypted by using the payment gateway's public key and can only be decrypted by the payment gateway's private key.

What is mgf1padding?

Another hash function should map arbitrary sized input to arbitrary sized output. Such hash function is called "mask generation function" (MGF). The related RFC defines only one such function, MGF1: One mask generation function is given here: MGF1, which is based on a hash function.

1 Answers

No, there isn't.

Java is open source. If unsure you can take a look at the sources for the OpenJDK.

In the init method of com.sun.crypto.provider.RSACipher it reads:

            spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
                MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

I've checked this up to Java 8 update 60 for the OpenJDK. As you can see, you need to use the algorithm parameters.

like image 113
Maarten Bodewes Avatar answered Sep 18 '22 14:09

Maarten Bodewes
Sign in to Comment

Related questions

How do I get a reference to the Jackson Object Mapper in a jersey2 / hk2 application
Spring Boot ignores @JsonDeserialize and @JsonSerialize
Brooks Pointer in Object class
f:convertDateTime support for Java8 LocalDate / LocalDateTime? [duplicate]
Apache Felix SCR @Reference cheatsheet
Why does TestNG allow several expected exceptions?
Why is there no function Stream.flatMap()? [closed]
Any significant bug or issues with Android Databinding Library? [closed]
Use CXF libraries in Wildfly deployment with Maven artifact provided
Swagger doc for api response (type List)
How to set limit of matching items returned by DynamoDB using Java?
Verification key for jose4j JwtConsumer
Handling type erasure in constructors with generics
Empty respond body for post with rest assured
Find all IP addresses in local network
What is the static type of `this` in Java 8 default interfaces?
Why is throws part of the method signature
How to use a BooleanQuery builder in Lucene 5.3.x?
material-calendarview set background color of dates
SonarQube analysis succeeds but isn't processed by server

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!