proposal: crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption #65716
Labels
Milestone
Comments
|
Change https://go.dev/cl/564755 mentions this issue: |
mauri870
changed the title
mauri870
added
the
Proposal-Crypto
|
The current go has not been modified yet. You can copy the required functions from the crypto/rsa package and adjust them rsa-ecb. |
Thanks, that's the only solution I found while waiting for the change... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposal Details
It is currently impossible to independently choose the hash functions used by
rsa.EncryptOAEPfor OAEP and MGF1. The issue was already raised in #19974; however, it has only been fixed in the decryption functions.This functionality is needed to wrap keys for the Android Keystore secure import. The Android developer documentation specifies that
encryptedTransportKey is a 256-bit AES key, [...] encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest)(https://developer.android.com/reference/android/security/keystore/WrappedKeyEntry). This specification requires being able to encrypt using RSA-OAEP with different algorithms for OAEP and MGF1.The text was updated successfully, but these errors were encountered: