tahrir Should use padding for RSA encryption

Should use padding for RSA encryption

Open sanity opened this issue 12 years ago • 3 comments

https://github.com/sanity/tahrir/blob/master/src/main/java/tahrir/io/crypto/TrCrypto.java RSA/None/NoPadding can only be used securely if no padding is required: If if the size of the plaintext is a multiple of the block-size... In encrypt() it is... but not in encryptRaw() ! In any case, you might want to either have padding OR to introduce a check ;)

OAEP is state of the art; something like "RSA/None/OAEPWithSHA512AndMGF1Padding" would work nicely.

Nov 13 '12 16:11 sanity

Would adding padding complicate serializing RSAPublicKey?

Mar 12 '13 18:03 nomel7

No, I think it will only affect the encrypted data, not the key itself.

On Tue, Mar 12, 2013 at 1:12 PM, Kieran Donegan [email protected]:

Would adding padding complicate serializing RSAPublicKey?

— Reply to this email directly or view it on GitHubhttps://github.com/sanity/tahrir/issues/21#issuecomment-14792919 .

Ian Clarke Blog: http://blog.locut.us/

Mar 13 '13 16:03 sanity

Needs some additional research, hold off on this one

Jun 03 '13 13:06 sanity

tahrir tahrir copied to clipboard

Should use padding for RSA encryption

tahrir
tahrir copied to clipboard