Re: Testing encrypt with RSA-OAEP

On Thu, Jun 2, 2016 at 11:16 AM, Jason Proctor <jason@mono.hm> wrote:

> hi Charlie
>
> i've been using WebCrypto's RSA-OAEP/SHA-256 interchangeably with OpenSSL
> and Bouncy Castle, with complete success.
>
> for OpenSSL, i use RSA_PKCS1_OAEP_PADDING, but set the digest function to
> SHA-256 using EVP_PKEY_CTX_set_rsa_oaep_md(). this function is
> comparatively new in OpenSSL, AFAICS. note i didn't need to use the
> corresponding mgf function, though i'm not clear why.
>

If you don't set the MGF using EVP_PKEY_CTX_set_rsa_mgf1_md(), then it
looks like OpenSSL will just default to using the digest function set by
EVP_PKEY_CTX_set_rsa_oaep_md() [1]. Should probably just explicitly set
both anyway, for clarity if nothing else :)

[1]
https://github.com/openssl/openssl/blob/2039c421b0e5b75ffcf6a88e39cc09089b4303dc/crypto/rsa/rsa_oaep.c#L53


> for Bouncy Castle i just use RSA/NONE/OAEPWithSHA256AndMGF1Padding as the
> PK cipher algorithm.
>
> anyway, let me know if i can be of any assistance.
>
> regards
> Jason
>
>
>
> On Thu, Jun 2, 2016 at 10:44 AM, Charles Engelke <w3c@engelke.com> wrote:
>
>> I think I'm done testing encrypt for the various AES modes, and just
>> have RSA-OAEP to go. But I'm running into a problem: RSA-OAEP injects
>> randomness when encrypting, so the only way to check that encryption
>> worked is to see if the result can be decrypted.
>>
>> I see three options:
>>
>> - assume that if encrypt doesn't throw an exception, it passes
>>
>> - check the result of encrypt by using subtleCrypto decrypt to see if
>> you get the same plaintext back (note that decrypt can be tested with
>> sample ciphertext so we can tell if it's working separately)
>>
>> - check the result of encrypt by using an external program to decrypt its
>> result
>>
>> The third option seems to be the best in a perfect world. But it would
>> require the test framework to have an external program that can do
>> RSA-OAEP decryption with all the options subtleCrypto is supposed to
>> have: any of the four supported hash functions, and with and
>> without the optional label. OpenSSL, for example, seems to only
>> support SHA-1 and no label.
>>
>> I'd appreciate any suggestions on how to proceed (and would also
>> appreciate pointers on how to extend the framework to use an external
>> program if that's the needed solution).
>>
>> Thanks,
>>
>> Charlie
>>
>>
>

Received on Thursday, 2 June 2016 19:02:06 UTC
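
The round-trip check discussed in this thread, as an added example that is not part of the original messages: it uses Node.js's OpenSSL-backed `crypto` module rather than subtleCrypto, and covers the four hashes with and without a label. The key pair, plaintext, labels and the names `oaep`, `tryDecrypt` and `runMatrix` are constructed for illustration.

```javascript
// Added example: RSA-OAEP round-trip checks with Node's OpenSSL-backed crypto module.
const nodeCrypto = require("node:crypto");

// Constructed test inputs (not taken from the thread).
const HASHES = ["sha1", "sha256", "sha384", "sha512"];
const LABELS = [undefined, Buffer.from("constructed label")];
const PLAINTEXT = Buffer.from("constructed plaintext");

// One throwaway key pair; 2048 bits leaves room for the SHA-512 OAEP overhead.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Builds the option object for publicEncrypt/privateDecrypt.
function oaep(key, oaepHash, oaepLabel) {
  const opts = { key, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash };
  if (oaepLabel) opts.oaepLabel = oaepLabel;
  return opts;
}

// Returns the recovered plaintext, or null when OAEP decoding rejects the ciphertext.
function tryDecrypt(ciphertext, hash, label) {
  try {
    return nodeCrypto.privateDecrypt(oaep(privateKey, hash, label), ciphertext);
  } catch {
    return null;
  }
}

// Runs every hash/label combination and records what a test harness can assert on.
function runMatrix() {
  const rows = [];
  for (const hash of HASHES) {
    for (const label of LABELS) {
      const c1 = nodeCrypto.publicEncrypt(oaep(publicKey, hash, label), PLAINTEXT);
      const c2 = nodeCrypto.publicEncrypt(oaep(publicKey, hash, label), PLAINTEXT);
      const back = tryDecrypt(c1, hash, label);
      const wrongHash = HASHES[(HASHES.indexOf(hash) + 1) % HASHES.length];
      rows.push({
        hash,
        labelled: label !== undefined,
        randomized: !c1.equals(c2), // same input, different ciphertext each time
        roundTrip: back !== null && back.equals(PLAINTEXT),
        wrongLabelRejected: tryDecrypt(c1, hash, Buffer.from("other label")) === null,
        wrongHashRejected: tryDecrypt(c1, wrongHash, label) === null,
      });
    }
  }
  return rows;
}

console.table(runMatrix());
```
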