
crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption

Open mmauv opened this issue 1 year ago • 1 comments

Proposal Details

It is currently impossible to independently choose the hash functions used by rsa.EncryptOAEP for OAEP and MGF1. The issue was already raised in #19974; however, it has only been fixed in the decryption functions.

This functionality is needed to wrap keys for the Android Keystore secure import. The Android developer documentation specifies that "encryptedTransportKey is a 256-bit AES key, [...] encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest)" (https://developer.android.com/reference/android/security/keystore/WrappedKeyEntry). This specification requires being able to encrypt using RSA-OAEP with different algorithms for OAEP and MGF1.

mmauv avatar Feb 15 '24 10:02 mmauv

Change https://go.dev/cl/564755 mentions this issue: crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption

gopherbot avatar Feb 16 '24 09:02 gopherbot

cc @FiloSottile @rolandshoemaker

mauri870 avatar Feb 17 '24 02:02 mauri870

The current Go has not been modified yet. You can copy the required functions from the crypto/rsa package and adjust them rsa-ecb.

feyounger avatar Feb 26 '24 02:02 feyounger

> The current Go has not been modified yet. You can copy the required functions from the crypto/rsa package and adjust them rsa-ecb.

Thanks, that's the only solution I found while waiting for the change...

mmauv avatar Feb 26 '24 08:02 mmauv
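
One way the copy-and-adjust workaround discussed in this thread can look, as an added example that is not code from the issue, the linked change or crypto/rsa: OAEP encryption with the label hash and the MGF1 hash passed separately, checked against the standard library's decryption, which already accepts the split through `rsa.OAEPOptions.MGFHash`. The names `encryptOAEP` and `demoKey` are hypothetical, the label is fixed to the empty label, and Go 1.20 or later is assumed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	"crypto/subtle"
	"fmt"
	"math/big"
)

// encryptOAEP (hypothetical helper, not a crypto/rsa API): RSAES-OAEP, RFC 8017 7.1.1, empty label.
func encryptOAEP(lh, mh crypto.Hash, pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	k, hLen := pub.Size(), lh.Size()
	if len(msg) > k-2*hLen-2 {
		return nil, rsa.ErrMessageTooLong
	}
	em := make([]byte, k) // EM = 0x00 || seed || DB
	seed, db := em[1:1+hLen], em[1+hLen:]
	copy(db, lh.New().Sum(nil)) // DB = lHash || PS (zeros) || 0x01 || M
	db[len(db)-len(msg)-1] = 0x01
	copy(db[len(db)-len(msg):], msg)
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	h := mh.New() // MGF1 hash, independent of the label hash lh
	mask := func(out, in []byte) { // out ^= MGF1(in), RFC 8017 B.2.1
		for n, off := 0, 0; off < len(out); n, off = n+1, off+h.Size() {
			h.Reset()
			h.Write(in)
			h.Write([]byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)})
			subtle.XORBytes(out[off:], out[off:], h.Sum(nil))
		}
	}
	mask(db, seed) // maskedDB = DB xor MGF1(seed)
	mask(seed, db) // maskedSeed = seed xor MGF1(maskedDB)
	c := new(big.Int).Exp(new(big.Int).SetBytes(em), big.NewInt(int64(pub.E)), pub.N)
	return c.FillBytes(make([]byte, k)), nil // math/big is variable-time: demo only
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key constructed for this demo

func main() { // crypto/rsa's decrypt side already accepts the split via OAEPOptions.MGFHash
	ct, err := encryptOAEP(crypto.SHA256, crypto.SHA1, &demoKey.PublicKey, make([]byte, 32))
	pt, derr := demoKey.Decrypt(nil, ct, &rsa.OAEPOptions{Hash: crypto.SHA256, MGFHash: crypto.SHA1})
	fmt.Println(len(pt), err, derr)
}
```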