Is RSA PKCS1-OAEP padding supported in bouncycastle?

java android security bouncycastle

15,022

Solution 1

The code in the first answer does work, but it's not recommended as it uses BouncyCastle internal classes, instead of JCA generic interfaces, making the code BouncyCastle specific. For example, it will make it difficult to switch to SunJCE provider.

Bouncy Castle as of version 1.50 supports following OAEP padding names.

RSA/NONE/OAEPWithMD5AndMGF1Padding
RSA/NONE/OAEPWithSHA1AndMGF1Padding
RSA/NONE/OAEPWithSHA224AndMGF1Padding
RSA/NONE/OAEPWithSHA256AndMGF1Padding
RSA/NONE/OAEPWithSHA384AndMGF1Padding
RSA/NONE/OAEPWithSHA512AndMGF1Padding

Then proper RSA-OAEP cipher initializations would look like

Cipher c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");

Solution 2

The following code works, if anyone else is stuck with similar encryption encoding/padding issues

    SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(
            ASN1Sequence.getInstance(rsaPublicKey.getEncoded()));

    AsymmetricKeyParameter param = PublicKeyFactory
            .createKey(publicKeyInfo);
    AsymmetricBlockCipher cipher = new OAEPEncoding(new RSAEngine(),
            new SHA1Digest());
    cipher.init(true, param);

    return cipher.processBlock(stuffIWantEncrypted, 0, 32);

15,022

Author by

Petr Prazak

I'm a programmer, speaker, runner, movie fan, Belgium beer connoisseur, cyclist and all round techie geek. I love all things mobile, especially Android and mobile security. Co-authored The Android Security CookBook and founded/run SWMobile

Updated on June 21, 2022

Comments

Petr Prazak almost 2 years
I'm implementing encryption code in Java/Android to match iOS encryption. In iOS there are encrypting with RSA using the following padding scheme: PKCS1-OAEP

However when I try to create Cipher with PKCS1-OAEP.
```
Cipher c = Cipher.getInstance("RSA/None/PKCS1-OAEP", "BC");
```
Below is the stacktrace
```
javax.crypto.NoSuchPaddingException: PKCS1-OAEP unavailable with RSA.
    at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineSetPadding(CipherSpi.java:240)
    at javax.crypto.Cipher.getCipher(Cipher.java:324)
    at javax.crypto.Cipher.getInstance(Cipher.java:237) 
```
Maybe this RSA/None/PKCS1-OAEP is incorrect? but can't find any definitive answer to say either PKCS1-OAEP is unsupported or the correct way to define it.

I'm using the spongycastle library so have full bouncycastle implementation.
- vcsjones almost 11 years
  
  Without more detail it's hard to say, but it could be something like RSA/None/OAEPWithSHA1AndMGF1Padding, for example.
- Petr Prazak almost 11 years
  
  @vcsjones i see that noted on the following bouncycastle.org/wiki/display/JA1/Frequently+Asked+Questions but while that does get past the NoSuchPaddingException it isn;t the same padding as 'PKCS1-OAEP'. What additional detail would help?
- vcsjones almost 11 years
  
  OAEP uses some kind of hashing function, whether it's SHA1 or something else depends on the implementation. We need to know more about your iOS implementation. For example, if you used RSA_PKCS1_OAEP_PADDING in your RSA_public_encrypt function, that is SHA1 with MGF1. developer.apple.com/library/ios/#documentation/System/…. What does your iOS code look like?
divanov almost 5 years

Either from BouncyCastle documentation or another option by iterating a set returned by java.security.Provider.getServices().