Re: Testing encrypt with RSA-OAEP

hi Charlie

i've been using WebCrypto's RSA-OAEP/SHA-256 interchangeably with OpenSSL
and Bouncy Castle, with complete success.

for OpenSSL, i use RSA_PKCS1_OAEP_PADDING, but set the digest function to
SHA-256 using EVP_PKEY_CTX_set_rsa_oaep_md(). this function is
comparatively new in OpenSSL, AFAICS. note i didn't need to use the
corresponding mgf function, though i'm not clear why.

for Bouncy Castle i just use RSA/NONE/OAEPWithSHA256AndMGF1Padding as the
PK cipher algorithm.

anyway, let me know if i can be of any assistance.

regards
Jason



On Thu, Jun 2, 2016 at 10:44 AM, Charles Engelke <w3c@engelke.com> wrote:

> I think I'm done testing encrypt for the various AES modes, and just
> have RSA-OAEP to go. But I'm running into a problem: RSA-OAEP injects
> randomness when encrypting, so the only way to check that encryption
> worked is to see if the result can be decrypted.
>
> I see three options:
>
> - assume that if encrypt doesn't throw an exception, it passes
>
> - check the result of encrypt by using subtleCrypto decrypt to see if
> you get the same plaintext back (note that decrypt can be tested with
> sample ciphertext so we can tell if it's working separately)
>
> - check the result of encrypt by using an external program to decrypt its
> result
>
> The third option seems to be the best in a perfect world. But it would
> require the test framework to have an external program that can do
> RSA-OAEP decryption with all the options subtleCrypto is supposed
> to have: any of the four supported hash functions, and with and
> without the optional label. OpenSSL, for example, seems to only
> support SHA-1 and no label.
>
> I'd appreciate any suggestions on how to proceed (and would also
> appreciate pointers on how to extend the framework to use an external
> program if that's the needed solution).
>
> Thanks,
>
> Charlie
>
>

Received on Thursday, 2 June 2016 18:16:29 UTC