python-rsa icon indicating copy to clipboard operation
python-rsa copied to clipboard
verified publisher icon sybrenstuvel

Support PKCS#1 v2.0; support OAEP/PSS

Open sybrenstuvel opened this issue 9 years ago • 8 comments

See http://stackoverflow.com/a/36633937/875379 and http://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5 for more info.

RSA 4.0 should support OAEP for encryption and PSS for signing, as described in PKCS#1 v2.0. This makes it much less (if it even still is) vulnerable to a Bleichenbacher attack.

sybrenstuvel avatar Apr 23 '16 08:04 sybrenstuvel

I will give it a try, starting with OAEP :)

adamantike avatar Apr 25 '16 19:04 adamantike

@adamantike what's your progress so far? I'd love to be able to release 4.0 in the coming month or so. Do you think that's feasible?

sybrenstuvel avatar Apr 10 '17 10:04 sybrenstuvel

@sybrenstuvel I haven't made any progress since the last PR. I can start working on OAEP, and hopefully there'll be some progress before next weekend.

Is there any other goal for 4.0 that is not included in the milestone?

adamantike avatar Apr 14 '17 21:04 adamantike

I can start working on OAEP, and hopefully there'll be some progress before next weekend.

That would be awesome :)

Is there any other goal for 4.0 that is not included in the milestone?

Nope. If more comes up, we'll just release 4.1 :)

sybrenstuvel avatar Apr 15 '17 09:04 sybrenstuvel

Does python-rsa currently support OAEP padding? I saw https://github.com/sybrenstuvel/python-rsa/pull/89 but I wasn't sure exactly the implications of it.

jamorham avatar Jun 16 '17 22:06 jamorham

Is the encryption part of this issue fixed by https://github.com/sybrenstuvel/python-rsa/pull/126?

sify21 avatar Sep 24 '21 07:09 sify21

Hi everyone,

I saw this thread about PKCS#1 v2.0 support for python rsa.

I have currently rsa version 4.8 .. I have another library (Crypto++) whose RSA encryption I am trying to decrypt. The library supports both OAEP and PKCS. Crypto++ is using v.2.0

Can Python RSA decrypt both PKCS #1 v.1.15 and v.2.0 ?

If I want the decryptor to use a specific version of PKCS #1 or OAEP, is there a way to specify this ?

In the rsa.encrypt(..) and rsa.decrypt(..) function I did not see any way to specify the version or the padding format ?

def encrypt_rsa(message, key): try: result = rsa.encrypt(base64.b64encode(message), key) return result except Exception as err: print("There was an error encryption RSA", err) return None

def decrypt_rsa(cipherbytes, key): try: base64_bytes = rsa.decrypt(cipherbytes, key) print("Got base64 bytes") return base64.b64decode(base64_bytes) except Exception as err: print(err) return None

srinivasramanujan avatar Apr 21 '23 17:04 srinivasramanujan

Can Python RSA decrypt both PKCS #1 v.1.15 and v.2.0?

Python RSA does not currently support PKCS #1 v2.0+. There are open issues, including this one, for adding that support.

If I want the decryptor to use a specific version of PKCS #1 or OAEP, is there a way to specify this ?

No. OAEP is not supported.

myheroyuki avatar Apr 25 '23 12:04 myheroyuki