- From: Jason Proctor <jason@mono.hm>
- Date: Thu, 2 Jun 2016 12:32:43 -0700
- To: Eric Roman <ericroman@google.com>
- Cc: Jason Proctor <jason@mono.hm>, Charles Engelke <w3c@engelke.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CALQanALzec1rzM8bBGzfLJoqb0hj7reOOL6uHaODSSqqagaoOw@mail.gmail.com>
On Thu, Jun 2, 2016 at 12:01 PM, Eric Roman <ericroman@google.com> wrote: > > > On Thu, Jun 2, 2016 at 11:16 AM, Jason Proctor <jason@mono.hm> wrote: > >> hi Charlie >> >> i've been using WebCrypto's RSA-OAEP/SHA-256 interchangeably with OpenSSL >> and Bouncy Castle, with complete success. >> >> for OpenSSL, i use RSA_PKCS1_OAEP_PADDING, but set the digest function to >> SHA-256 using EVP_PKEY_CTX_set_rsa_oaep_md(). this function is >> comparitively new in OpenSSL, AFAICS. note i didn't need to use the >> corresponding mgf function, though i'm not clear why. >> > > If you don't set the MGF using EVP_PKEY_CTX_set_rsa_mgf1_md(), then it > looks like OpenSSL will just default to using the digest function set by > EVP_PKEY_CTX_set_rsa_oaep_md() [1]. Should probably just explicitly set > both anyway, for clarity if nothing else :) > > [1] > https://github.com/openssl/openssl/blob/2039c421b0e5b75ffcf6a88e39cc09089b4303dc/crypto/rsa/rsa_oaep.c#L53 > > thanks for the feedback. that does seem sensible - so much so, in fact, that i just did it. regards J > >> for Bouncy Castle i just use RSA/NONE/OAEPWithSHA256AndMGF1Padding as the >> PK cipher algorithm. >> >> anyway, let me know if i can be of any assistance. >> >> regards >> Jason >> >> >> >> On Thu, Jun 2, 2016 at 10:44 AM, Charles Engelke <w3c@engelke.com> wrote: >> >>> I think I'm done testing encrypt for the various AES modes, and just >>> have RSA-OAEP to go. But I'm running into a problem: RSA-OAEP injects >>> randomness when encrypting, so the only way to check that encryption >>> worked is to see if the result can be decrypted. >>> >>> I see three options: >>> >>> - assume that if encrypt doesn't throw and exception, it passes >>> >>> - check the result of encrypt by using subtleCrypto decrypt to see if >>> you get the same plaintext back (note that decrypt can be tested with >>> sample ciphertext so we can tell if it's working separately) >>> >>> - check the result of encrypt by using an external program to decrypt >>> its result >>> >>> The third option seems to be the best in a perfect world. But it would >>> require the test framework to have an external program that can do >>> RSA-OAEP decryption with all the options subtleCrypto is supposed to >>> to have: any of the four supported hash functions, and with and >>> without the optional label. OpenSSL, for example, seems to only >>> support SHA-1 and no label. >>> >>> I'd appreciate any suggestions on how to proceed (and would also >>> appreciate pointers on how to extend the framework to use an external >>> program if that's the needed solution). >>> >>> Thanks, >>> >>> Charlie >>> >>> >> >
Received on Thursday, 2 June 2016 19:33:12 UTC