W3C home > Mailing lists > Public > public-webcrypto@w3.org > June 2016

Testing encrypt with RSA-OAEP

From: Charles Engelke <w3c@engelke.com>
Date: Thu, 2 Jun 2016 13:44:46 -0400
Message-ID: <CAFeVzdwkpQ=zfTaLuvsUGVsCG+kx-27EjjOLeLikFP0+rH1P9g@mail.gmail.com>
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
I think I'm done testing encrypt for the various AES modes, and just
have RSA-OAEP to go. But I'm running into a problem: RSA-OAEP injects
randomness when encrypting, so the only way to check that encryption
worked is to see if the result can be decrypted.

I see three options:

- assume that if encrypt doesn't throw and exception, it passes

- check the result of encrypt by using subtleCrypto decrypt to see if
you get the same plaintext back (note that decrypt can be tested with
sample ciphertext so we can tell if it's working separately)

- check the result of encrypt by using an external program to decrypt its result

The third option seems to be the best in a perfect world. But it would
require the test framework to have an external program that can do
RSA-OAEP decryption with all the options subtleCrypto is supposed to
to have: any of the four supported hash functions, and with and
without the optional label. OpenSSL, for example, seems to only
support SHA-1 and no label.

I'd appreciate any suggestions on how to proceed (and would also
appreciate pointers on how to extend the framework to use an external
program if that's the needed solution).

Thanks,

Charlie
Received on Thursday, 2 June 2016 17:45:16 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 2 June 2016 17:45:16 UTC