Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support padding mode choice in javascript for private encrypt / public decrypt #16

Merged
merged 4 commits into from Feb 24, 2015

Conversation

@krisb
Copy link
Contributor

@krisb krisb commented Feb 10, 2013

Necessary to support private encryption / public decryption with existing no padding based libraries. This was a particular issue for me due to RSA/None/NoPadding being the default for java based RSA using Bouncy Castle Provider.

@ryanrhee
Copy link

@ryanrhee ryanrhee commented Apr 22, 2013

Just FYI -- You can use RSA_PKCS1_OAEP_PADDING on ursa, which is the default, and tell Bouncy Castle to use OAEP as well.

        AsymmetricBlockCipher blockCipher = new RSAEngine();
        blockCipher = new org.bouncycastle.crypto.encodings.OAEPEncoding(blockCipher);
        blockCipher.init(false, privKey);

You'd think the same would work with RSA_PKCS1_PADDING, but I couldn't get encryption-decryption to work with org.bouncycastle.crypto.encodings.PKCS1Encoding.

Also, apparently, RSA with no padding is insecure.

@ox ox closed this Jul 23, 2013
@ox ox reopened this Jul 23, 2013
@quartzjer
Copy link
Collaborator

@quartzjer quartzjer commented Dec 4, 2014

I'm working on getting all these old pull requests merged, @ox did you mean to close and then re-open this?

@ox
Copy link

@ox ox commented Dec 5, 2014

I don't remember this PR and have nothing to do with it. Close it, I guess?

On Thu, Dec 4, 2014 at 5:57 PM, Jeremie Miller notifications@github.com
wrote:

I'm working on getting all these old pull requests merged, @ox did you mean to close and then re-open this?

Reply to this email directly or view it on GitHub:
#16 (comment)

@quartzjer
Copy link
Collaborator

@quartzjer quartzjer commented Dec 5, 2014

@krisb are you still using your fork that supports no-padding (or is anyone else)? I haven't tested it yet, but the advantage I see of having it merged in is that it allows the app to implement its own padding and just use this lib to do the crypto.

As @ryanrhee mentioned using no-padding as the end result is definitely unwise, but at least this would give more padding choices than what is built in?

@krisb
Copy link
Contributor Author

@krisb krisb commented Feb 4, 2015

@quartzjer I am. I'm not advocating using no padding, but if you don't control the other end of things and its using no padding then this is the only choice available.

@quartzjer quartzjer merged commit 06ea0c3 into JoshKaufman:master Feb 24, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants