Skip to content

crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption #65716

New issue
New issue
Open
#75446
Open
crypto/rsa: allow hash.Hash for OAEP and MGF1 to be specified independently for encryption#65716
#75446
Labels
ProposalProposal-AcceptedProposal-CryptoProposal related to crypto packages or other security issues
Milestone
Backlog
@mmauv

Description

@mmauv
mmauv
opened on Feb 15, 2024

Proposal Details

It is currently impossible to independently choose the hash functions used by rsa.EncryptOAEP for OAEP and MGF1. The issue was already raised in #19974; however, it has only been fixed in the decryption functions.

This functionality is needed to wrap keys for the Android Keystore secure import. The Android developer documentation specifies that encryptedTransportKey is a 256-bit AES key, [...] encrypted in RSA-OAEP mode (SHA-256 digest, SHA-1 MGF1 digest) (https://developer.android.com/reference/android/security/keystore/WrappedKeyEntry). This specification requires being able to encrypt using RSA-OAEP with different algorithms for OAEP and MGF1.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ProposalProposal-AcceptedProposal-CryptoProposal related to crypto packages or other security issues

    Type

    No type

    Projects

    Proposals

    Status

    Accepted

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions