Is RSA PKCS1-OAEP padding supported in bouncycastle?
Solution 1
The code in the first answer does work, but it's not recommended as it uses BouncyCastle internal classes instead of JCA generic interfaces, making the code BouncyCastle specific. For example, it will make it difficult to switch to the SunJCE provider.
Bouncy Castle as of version 1.50 supports the following OAEP padding names:
- RSA/NONE/OAEPWithMD5AndMGF1Padding
- RSA/NONE/OAEPWithSHA1AndMGF1Padding
- RSA/NONE/OAEPWithSHA224AndMGF1Padding
- RSA/NONE/OAEPWithSHA256AndMGF1Padding
- RSA/NONE/OAEPWithSHA384AndMGF1Padding
- RSA/NONE/OAEPWithSHA512AndMGF1Padding
Then proper RSA-OAEP cipher initializations would look like:
```java
Cipher c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");
```
Solution 2
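The following code works, if anyone else is stuck with similar encryption encoding/padding issues:
```java
// Uses the BouncyCastle lightweight API rather than javax.crypto.Cipher.
// Re-parse the JCA public key's encoding into a BouncyCastle key parameter.
SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(
        ASN1Sequence.getInstance(rsaPublicKey.getEncoded()));
AsymmetricKeyParameter param = PublicKeyFactory
        .createKey(publicKeyInfo);
// OAEP encoding around the raw RSA engine, with SHA-1 as the digest.
AsymmetricBlockCipher cipher = new OAEPEncoding(new RSAEngine(),
        new SHA1Digest());
cipher.init(true, param); // true = encrypt
// Encrypts the first 32 bytes of the input array.
return cipher.processBlock(stuffIWantEncrypted, 0, 32);
```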
Petr Prazak
Updated on June 21, 2022
Comments
-
Petr Prazak almost 2 years
I'm implementing encryption code in Java/Android to match iOS encryption. In iOS they are encrypting with RSA using the following padding scheme: PKCS1-OAEP
However, when I try to create a Cipher with PKCS1-OAEP:
```java
Cipher c = Cipher.getInstance("RSA/None/PKCS1-OAEP", "BC");
```
Below is the stacktrace:
```
javax.crypto.NoSuchPaddingException: PKCS1-OAEP unavailable with RSA.
    at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineSetPadding(CipherSpi.java:240)
    at javax.crypto.Cipher.getCipher(Cipher.java:324)
    at javax.crypto.Cipher.getInstance(Cipher.java:237)
```
Maybe this `RSA/None/PKCS1-OAEP` is incorrect? But I can't find any definitive answer to say either PKCS1-OAEP is unsupported or the correct way to define it. I'm using the spongycastle library so have full bouncycastle implementation.
-
vcsjones almost 11 years
Without more detail it's hard to say, but it could be something like `RSA/None/OAEPWithSHA1AndMGF1Padding`, for example.
-
Petr Prazak almost 11 years
@vcsjones I see that noted on the following bouncycastle.org/wiki/display/JA1/Frequently+Asked+Questions but while that does get past the NoSuchPaddingException it isn't the same padding as 'PKCS1-OAEP'. What additional detail would help?
-
vcsjones almost 11 years
OAEP uses some kind of hashing function, whether it's SHA1 or something else depends on the implementation. We need to know more about your iOS implementation. For example, if you used `RSA_PKCS1_OAEP_PADDING` in your RSA_public_encrypt function, that is SHA1 with MGF1. developer.apple.com/library/ios/#documentation/System/…. What does your iOS code look like?
-
divanov almost 5 years
Either from BouncyCastle documentation or another option by iterating a set returned by `java.security.Provider.getServices()`.
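An added example, not code from any of the posts above: it lists the RSA `Cipher` services each installed provider registers (the `Provider.getServices()` approach from the last comment) and performs RSA-OAEP through the JCA interface recommended in Solution 1, pinning SHA-1 and MGF1-SHA1 with an explicit `OAEPParameterSpec` so the parameters do not depend on how a provider interprets a padding name. The class and method names are hypothetical, the 32-byte secret is constructed sample data, and the transformation `RSA/ECB/OAEPPadding` is used without naming a provider; pass `"BC"` as a second argument to `Cipher.getInstance` to pin BouncyCastle.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepInterop {  // hypothetical class name
    // OAEP with SHA-1 and MGF1 over SHA-1, the combination the comments
    // attribute to RSA_PKCS1_OAEP_PADDING; the label is left empty.
    static final OAEPParameterSpec OAEP_SHA1 = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    // RSA Cipher services a provider registers, with any advertised paddings.
    static SortedSet<String> rsaCiphers(Provider p) {
        SortedSet<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices()) {
            String alg = s.getAlgorithm();
            if ("Cipher".equals(s.getType())
                    && alg.toUpperCase(Locale.ROOT).startsWith("RSA")) {
                String paddings = s.getAttribute("SupportedPaddings"); // may be null
                names.add(paddings == null ? alg : alg + " [" + paddings + "]");
            }
        }
        return names;
    }

    static byte[] crypt(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP_SHA1);  // explicit spec instead of provider defaults
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        for (Provider p : Security.getProviders()) {
            SortedSet<String> found = rsaCiphers(p);
            if (!found.isEmpty()) System.out.println(p.getName() + " -> " + found);
        }
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] secret = new byte[32];  // constructed sample input
        new SecureRandom().nextBytes(secret);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, kp.getPublic(), secret);
        byte[] pt = crypt(Cipher.DECRYPT_MODE, kp.getPrivate(), ct);
        System.out.println("round trip ok: " + Arrays.equals(secret, pt));
    }
}
```

Setting the spec explicitly matters most for the SHA-2 padding names, where providers have differed on whether MGF1 uses SHA-1 or the named digest.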