RSA algorithm incompatible with other languages #58
Comments
What's the simplest way to repro this? Curious to poke around a bit and see what's going on.
BLUF: current incompatibility stems from the fact that Java's
OK, got a chance to take a look, and figured out what's going on. This isn't a bug per se, but arises from somewhat unconventional defaults.
The Sun crypto provider's implementation of
We can make the Go side compatible with Java by making it use
The other option would be to configure the Java side to produce
```java
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParams);
```
I confirmed that both options outlined above produce inputs/outputs that are compatible between languages. For legacy purposes, we should make sure that Golang can read old keys. However, if we're standardizing encryption algorithm parameters moving forward knowing that we'll eventually switch over (as we're doing in #56 for AES), it may make sense to switch the Java code to use the more widely compatible
The Sun crypto provider's implementation of
RSA/ECB/OAEPWithSHA-256AndMGF1Padding
I believe has a bug in it, which causes it to not be compatible with other languages (like Go). I have verified Go's RSA/ECB/OAEP-SHA-256 cipher is incapable of decrypting a value encrypted with Java, given the same key. This issue appears to outline the problem, but it is quite old: https://bugs.openjdk.java.net/browse/JDK-7038158
We were able to verify that Java's
RSA/ECB/OAEPWithSHA-1AndMGF1Padding
works fine between Java and Go. So as a proposed path forward, I'd suggest we update the Java cipher to use something that is compatible across languages.
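The incompatibility discussed in this thread, reproduced in Go as an added example (not code from the issue or the project): it builds an OAEP ciphertext with a SHA-256 label hash and a selectable MGF1 hash, then tries Go's default decryption and one with `MGFHash` set to SHA-1. It assumes the mismatch is the MGF1 hash, since the Sun provider's `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` keeps MGF1 on SHA-1 unless an `OAEPParameterSpec` like the one quoted above overrides it. `decryptResults`, `mgf1XOR`, `javaDefaultMGF` and `goDefaultMGF` are hypothetical names, the key and message are constructed, and `OAEPOptions.MGFHash` needs Go 1.20 or later.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	_ "crypto/sha256"
	"fmt"
	"math/big"
)

const javaDefaultMGF, goDefaultMGF = crypto.SHA1, crypto.SHA256 // assumed MGF1 hash per side

// mgf1XOR XORs dst with the MGF1 mask (RFC 8017, B.2.1) derived from seed.
func mgf1XOR(dst, seed []byte, h crypto.Hash) {
	var mask []byte
	for c := uint32(0); len(mask) < len(dst); c++ {
		d := h.New()
		d.Write(seed)
		d.Write([]byte{byte(c >> 24), byte(c >> 16), byte(c >> 8), byte(c)})
		mask = d.Sum(mask)
	}
	for i := range dst {
		dst[i] ^= mask[i]
	}
}

// decryptResults OAEP-encrypts msg (<=190 bytes) with MGF1 hash mgf, then tries both decrypt configs.
func decryptResults(msg string, mgf crypto.Hash) (defaultOK, sha1OK bool) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key
	em := make([]byte, 256)                         // 0x00 || seed || DB
	seed, db := em[1:33], em[33:]                   // DB = lHash || PS || 0x01 || msg
	if _, rerr := rand.Read(seed); err != nil || rerr != nil {
		panic("randomness unavailable")
	}
	copy(db, crypto.SHA256.New().Sum(nil)) // lHash of the empty label
	db[len(db)-len(msg)-1] = 1
	copy(db[len(db)-len(msg):], msg)
	mgf1XOR(db, seed, mgf) // maskedDB = DB xor MGF1(seed)
	mgf1XOR(seed, db, mgf) // maskedSeed = seed xor MGF1(maskedDB)
	ct := new(big.Int).Exp(new(big.Int).SetBytes(em), big.NewInt(int64(priv.E)), priv.N).FillBytes(make([]byte, 256))
	p1, _ := priv.Decrypt(nil, ct, &rsa.OAEPOptions{Hash: crypto.SHA256})
	p2, _ := priv.Decrypt(nil, ct, &rsa.OAEPOptions{Hash: crypto.SHA256, MGFHash: crypto.SHA1})
	return string(p1) == msg, string(p2) == msg
}

func main() {
	fmt.Println(decryptResults("constructed sample secret", javaDefaultMGF)) // false true
}
```

Passing `goDefaultMGF` instead flips the result, which also confirms that the hand-built encoder matches Go's own OAEP when both hashes are SHA-256.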