You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is currently impossible to independently choose the hash functions used by rsa.EncryptOAEP for OAEP and MGF1. The issue was already raised in #19974; however, it has only been fixed in the decryption functions.
This functionality is needed to wrap keys for the Android Keystore secure import. The Android developer documentation specifies that encryptedTransportKey is a 256-bit AES key, [...] encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest) (https://developer.android.com/reference/android/security/keystore/WrappedKeyEntry). This specification requires being able to encrypt using RSA-OAEP with different algorithms for OAEP and MGF1.
The text was updated successfully, but these errors were encountered:
Change https://go.dev/cl/564755 mentions this issue: crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption
mauri870
changed the title
crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption
proposal: crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption
Feb 17, 2024
Proposal Details
It is currently impossible to independently choose the hash functions used by
rsa.EncryptOAEP
for OAEP and MGF1. The issue was already raised in #19974; however, it has only been fixed in the decryption functions.This functionality is needed to wrap keys for the Android Keystore secure import. The Android developer documentation specifies that
encryptedTransportKey is a 256-bit AES key, [...] encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest)
(https://developer.android.com/reference/android/security/keystore/WrappedKeyEntry). This specification requires being able to encrypt using RSA-OAEP with different algorithms for OAEP and MGF1.The text was updated successfully, but these errors were encountered: