THE RSAES-OAEP-ENCRYPT, as specified in RFC 2437 [PKCS1], algorithm takes two explicit parameters: a
mandatory message
digest function and an optional octet string OAEPparams. The message
digest function is indicated by the Algorithm attribute of a child
ds:DigestMethod element and the octet string is the base64 decoding
of the content of an optional OAEPparams child element.
Schema Definition:
<element ref='ds:DigestMethod'/>
<element name='OAEPparams' minOccurs='0'
type='base64Binary'/>
An example of an RSA-OAEP element is:
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<OAEPparams> 9lWu3Q== </OAEPparams>
<EncryptionMethod>
The CipherValue for an RSA-OAEP encrypted key is the base64 [MIME] encoding of the octet string computed as per RFC 2437
[PKCS1, section 7.1.1: Encryption operation]. As
described in the EME-OAEP-ENCODE function RFC 2437 [PKCS1, section 9.1.1.1], the value input to the key
transport function is calculated using the message digest function and string
specified in the DigestMethod and OAEPparams elements
and using the mask generator function MGF1 specified in RFC 2437. The desired
output length for EME-OAEP-ENCODE is one byte shorter than the RSA modulus.
The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256 bits for AES. Implementations MUST implement RSA-OAEP for the transport of 128 and 256 bit keys. They MAY implement RSA-OAEP for the transport of other keys.