fix: default OAEP hash to sha1 for Node.js compatibility #951

Merged
boorad merged 1 commit into main from fix/rsa-oaep-default-hash
Feb 19, 2026

@boorad
Collaborator

@boorad boorad commented Feb 19, 2026

Summary

publicEncrypt and privateDecrypt defaulted the OAEP hash to SHA-256 when no oaepHash option was specified. Node.js (and the PKCS#1 v2.2 / RFC 8017 spec) defaults to SHA-1, causing data encrypted by Node.js or any standard-compliant implementation to fail decryption in RNQC.

Changes

  • Change default oaepHash from 'SHA-256' to 'sha1' in both publicEncrypt and privateDecrypt
  • Add cross-compatibility test that decrypts a ciphertext generated by Node.js crypto.publicEncrypt with default OAEP settings

Testing

  • Existing roundtrip tests continue to pass (now exercising SHA-1 by default, matching Node.js)
  • New test validates decryption of a real Node.js-produced ciphertext with default OAEP (no oaepHash specified)

Fixes #950

publicEncrypt and privateDecrypt defaulted the OAEP hash to SHA-256 when
no oaepHash option was specified. Node.js defaults to SHA-1, causing data
encrypted by Node.js (or any standard implementation) to fail decryption.
@boorad boorad self-assigned this Feb 19, 2026
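
The mismatch described in the summary above, reproduced with Node.js's own `crypto` module as an added example (not code from this pull request or from the library): a ciphertext produced with Node's default OAEP settings decrypts only when the receiver uses SHA-1, and pinning `oaepHash` on both sides removes the dependence on defaults. The key pair, message and helper names (`encrypt`, `tryDecrypt`, `demo`) are constructed for the example.

```javascript
// Added example: OAEP hash mismatch between the encrypting and decrypting side.
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const OAEP = nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING;

// Constructed throwaway key pair and message, for this example only.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});
const message = Buffer.from('constructed sample plaintext');

// Encrypt with OAEP; when oaepHash is omitted Node.js applies its default.
function encrypt(oaepHash) {
  const opts = { key: publicKey, padding: OAEP };
  if (oaepHash) opts.oaepHash = oaepHash;
  return nodeCrypto.publicEncrypt(opts, message);
}

// Decrypt with an explicit OAEP hash; report failure instead of throwing.
function tryDecrypt(ciphertext, oaepHash) {
  try {
    const plain = nodeCrypto.privateDecrypt(
      { key: privateKey, padding: OAEP, oaepHash },
      ciphertext,
    );
    return { ok: true, text: plain.toString() };
  } catch (err) {
    return { ok: false, error: err.code || err.message };
  }
}

function demo() {
  const defaultCt = encrypt();         // sender relies on the Node.js default
  const pinnedCt = encrypt('sha256');  // sender pins SHA-256 explicitly
  return {
    defaultWithSha1: tryDecrypt(defaultCt, 'sha1'),     // hashes match
    defaultWithSha256: tryDecrypt(defaultCt, 'sha256'), // receiver assumed SHA-256
    pinnedWithSha256: tryDecrypt(pinnedCt, 'sha256'),   // both sides pinned
    pinnedWithSha1: tryDecrypt(pinnedCt, 'sha1'),       // receiver fell back to SHA-1
  };
}

console.log(demo());
```
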
@github-actions
Contributor

🤖 End-to-End Test Results - Android

Status: ✅ Passed
Platform: Android
Run: 22164160466


@github-actions
Contributor

🤖 End-to-End Test Results - iOS

Status: ✅ Passed
Platform: iOS
Run: 22164160443


@boorad boorad merged commit 67ffdfa into main Feb 19, 2026
6 checks passed
@boorad boorad deleted the fix/rsa-oaep-default-hash branch February 19, 2026 01:14
boorad added a commit that referenced this pull request Feb 24, 2026
New pages: PQC (ML-DSA/ML-KEM), Argon2, KMAC, Certificate (SPKAC),
and Utilities (one-shot hash, timingSafeEqual, primes, introspection).

Updated 8 existing pages with missing API sections: SubtleCrypto
(deriveBits, deriveKey, wrapKey/unwrapKey, encapsulation), Keys
(KeyObject.from, equals, toCryptoKey), Signing (standalone sign/verify),
DiffieHellman (diffieHellman function), Ed25519 (Ed448/X448), Hash
(crypto.hash one-shot, SHA3), ECDH (convertKey), and reorganized the
API index into Core/Key Exchange/Key Derivation/Advanced sections.

Annotated 7 pages with behavioral notes from recent fix PRs (#929,
#930, #932, #933, #939, #948, #949, #951, #954, #955): cipher
single-use warning, generateKeys preservation, PBKDF2 validation,
OAEP hash default, randomFill view correctness, RSA-* aliases, and
flexible curve names.

Added llms.txt index route and fixed llms-full.txt JSX stripping in
source.ts to produce clean LLM-friendly output.

Development

Successfully merging this pull request may close these issues.

🐛 RSA-OAEP does not decrypt properly in 1.0.x
