How to encrypt data using RSA, with SHA-256 as a hash function and MGF1 as a mask generation function?

I did some cryptography experiments. Now I have the public key of the receiver, and I want to encrypt some data and transfer it to the recipient.

I want to use the RSAES-OAEP algorithm, with SHA-256 as the hash function and MGF1 as the mask generation function.

I want to do this using OpenSSL. I found the RSA_public_encrypt() function, with which we can specify the padding. One of the available padding options is

RSA_PKCS1_OAEP_PADDING
    EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1.

They use SHA-1.

I want to configure the function to use SHA-256 as the hash function and MGF1 as the mask generation function. How can I do this?

+6
3 answers

OpenSSL uses the definitions from PKCS #1 v2.0, so the default for EME-OAEP is SHA-1 and MGF1. If you need to use SHA-256, you will need to do the encoding yourself. This, however, is not so difficult; see the PKCS #1 v2.2 PDF.

+3
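A worked example of the "do the encoding yourself" route this answer points to, added here as an illustration and not part of the original page or of any answer: RSAES-OAEP as specified in PKCS #1 v2.2 (RFC 8017, section 7.1) with SHA-256 as the hash and MGF1 built on SHA-256, written in Python with only the standard library so it runs without OpenSSL. The two hash choices are exactly the two parameters OpenSSL exposes as the OAEP digest and the MGF1 digest. The key is a constructed toy key made from two publicly known Mersenne primes, chosen so the example is deterministic and needs no key file; it has no security value. All function names are the example's own.

```python
"""
RSAES-OAEP (RFC 8017 section 7.1) with SHA-256 as Hash and MGF1-SHA-256 as MGF.
Standard library only; the toy key below is a constructed assumption, not a real key.
"""
import hashlib
import hmac
import os

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # hLen = 32 bytes for SHA-256


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (RFC 8017 B.2.1): Hash(seed || C) for C = 0, 1, 2, ... as a 4-byte
    big-endian counter, concatenated and truncated to mask_len bytes."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def eme_oaep_encode(msg: bytes, k: int, label: bytes = b"", seed=None) -> bytes:
    """EME-OAEP encoding (RFC 8017 7.1.1 step 2) for a k-byte modulus.
    `seed` must be fresh randomness; passing it explicitly is only for tests."""
    if len(msg) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    l_hash = HASH(label).digest()
    ps = b"\x00" * (k - len(msg) - 2 * H_LEN - 2)
    db = l_hash + ps + b"\x01" + msg                   # DB = lHash || PS || 0x01 || M
    if seed is None:
        seed = os.urandom(H_LEN)
    masked_db = _xor(db, mgf1(seed, k - H_LEN - 1))    # dbMask = MGF(seed, k - hLen - 1)
    masked_seed = _xor(seed, mgf1(masked_db, H_LEN))   # seedMask = MGF(maskedDB, hLen)
    return b"\x00" + masked_seed + masked_db           # EM = 0x00 || maskedSeed || maskedDB


def eme_oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP decoding (RFC 8017 7.1.2 step 3). Every check is folded into one
    exception so a caller used as a decryption oracle cannot learn which check failed."""
    if len(em) != k:
        raise ValueError("decryption error")
    l_hash = HASH(label).digest()
    y, masked_seed, masked_db = em[0], em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = _xor(masked_seed, mgf1(masked_db, H_LEN))
    db = _xor(masked_db, mgf1(seed, k - H_LEN - 1))
    rest = db[H_LEN:]                                  # PS || 0x01 || M
    sep = rest.find(b"\x01")
    padding_ok = sep >= 0 and all(b == 0 for b in rest[:sep])
    if not (y == 0 and hmac.compare_digest(db[:H_LEN], l_hash) and padding_ok):
        raise ValueError("decryption error")
    return rest[sep + 1:]


def rsaes_oaep_encrypt(pub, msg: bytes, label: bytes = b"", seed=None) -> bytes:
    """RSAES-OAEP-ENCRYPT((n, e), M, L): EME-OAEP encode, then RSAEP c = m^e mod n."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    em = eme_oaep_encode(msg, k, label, seed)
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsaes_oaep_decrypt(priv, ct: bytes, label: bytes = b"") -> bytes:
    """RSAES-OAEP-DECRYPT(K, C, L): RSADP m = c^d mod n, then EME-OAEP decode."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    if len(ct) != k or int.from_bytes(ct, "big") >= n:
        raise ValueError("decryption error")
    em = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    return eme_oaep_decode(em, k, label)


# Constructed toy key (an assumption of this example): p and q are the Mersenne primes
# 2^521-1 and 2^607-1, which are public knowledge, so the key offers no security at all.
# It only provides a deterministic 1128-bit (141-byte) modulus that needs no key file.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)

if __name__ == "__main__":
    ct = rsaes_oaep_encrypt(PUBLIC_KEY, b"hello OAEP", label=b"")
    print(len(ct), "byte ciphertext ->", rsaes_oaep_decrypt(PRIVATE_KEY, ct))
```

With a 141-byte modulus the longest message is k - 2*hLen - 2 = 75 bytes, and two encryptions of the same message differ because the seed is fresh each time. The decoder deliberately reports one generic error for a bad leading byte, a wrong label hash or malformed padding; distinguishing them is what a padding-oracle attacker needs, so a real implementation must not leak it through return codes or timing.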

The following excerpt lets you use OAEP with SHA-256 for both the MGF and the hash. Tested with OpenSSL 1.0.2l.

    #include <openssl/cms.h>
    #include <openssl/evp.h>
    #include <openssl/rsa.h>

    /* in: BIO with the plaintext; cipher: e.g. EVP_aes_256_cbc(); cert: recipient's X509 */
    int flags = CMS_BINARY | CMS_PARTIAL | CMS_KEY_PARAM;
    CMS_ContentInfo *cms = CMS_encrypt(NULL, in, cipher, flags);      /* no recipients yet */
    CMS_RecipientInfo *ri = CMS_add1_recipient_cert(cms, cert, flags);
    EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);         /* CMS_KEY_PARAM exposes it */
    EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_OAEP_PADDING);
    EVP_PKEY_CTX_set_rsa_oaep_md(pctx, EVP_sha256());                 /* OAEP hash */
    EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, EVP_sha256());                 /* MGF1 hash */
    CMS_RecipientInfo_encrypt(cms, ri);   /* required with CMS_KEY_PARAM before CMS_final() */
    CMS_final(cms, in, NULL, flags);
+3

In the latest version of OpenSSL (1.0.2k), the API signature has changed, which gives us more flexibility. See below for details.

    int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                          const unsigned char *from, int flen, int num,
                                          const unsigned char *param, int plen,
                                          const EVP_MD *md, const EVP_MD *mgf1md);

You can pass an EVP_MD structure to select the SHA-256 hash with this.

+1

Source: https://habr.com/ru/post/949971/
