New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support padding mode choice in javascript for private encrypt / public decrypt #16

Merged
merged 4 commits into from Feb 24, 2015

Conversation

Projects
None yet
4 participants
@krisb
Copy link
Contributor

krisb commented Feb 10, 2013

Necessary to support private encryption / public decryption with existing no padding based libraries. This was a particular issue for me due to RSA/None/NoPadding being the default for java based RSA using Bouncy Castle Provider.

@ryanrhee

This comment has been minimized.

Copy link

ryanrhee commented Apr 22, 2013

Just FYI -- You can use RSA_PKCS1_OAEP_PADDING on ursa, which is the default, and tell Bouncy Castle to use OAEP as well.

        AsymmetricBlockCipher blockCipher = new RSAEngine();
        blockCipher = new org.bouncycastle.crypto.encodings.OAEPEncoding(blockCipher);
        blockCipher.init(false, privKey);

You'd think the same would work with RSA_PKCS1_PADDING, but I couldn't get encryption-decryption to work with org.bouncycastle.crypto.encodings.PKCS1Encoding.

Also, apparently, RSA with no padding is insecure.

@ox ox closed this Jul 23, 2013

@ox ox reopened this Jul 23, 2013

@quartzjer

This comment has been minimized.

Copy link
Collaborator

quartzjer commented Dec 4, 2014

I'm working on getting all these old pull requests merged, @ox did you mean to close and then re-open this?

@ox

This comment has been minimized.

Copy link

ox commented Dec 5, 2014

I don't remember this PR and have nothing to do with it. Close it, I guess?

On Thu, Dec 4, 2014 at 5:57 PM, Jeremie Miller notifications@github.com
wrote:

I'm working on getting all these old pull requests merged, @ox did you mean to close and then re-open this?

Reply to this email directly or view it on GitHub:
#16 (comment)

@quartzjer

This comment has been minimized.

Copy link
Collaborator

quartzjer commented Dec 5, 2014

@krisb are you still using your fork that supports no-padding (or is anyone else)? I haven't tested it yet, but the advantage I see of having it merged in is that it allows the app to implement its own padding and just use this lib to do the crypto.

As @ryanrhee mentioned using no-padding as the end result is definitely unwise, but at least this would give more padding choices than what is built in?

@krisb

This comment has been minimized.

Copy link
Contributor

krisb commented Feb 4, 2015

@quartzjer I am. I'm not advocating using no padding, but if you don't control the other end of things and its using no padding then this is the only choice available.

@quartzjer quartzjer merged commit 06ea0c3 into JoshKaufman:master Feb 24, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment