You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've found an odd bug on OTP public_key module that makes RSA-OAEP broken here on JOSE.
The bug report is here. What happens is that public_key:decrypt_private/3 is not respecting the options passed to it. So, RSA-OAEP breaks here. Options is ignored.
The fix would be to switch it to use crypto:private_decrypt directly. To do that we need to unwrap the private key because crypto accepts a list of integers instead of the record. For a two-prime RSA private key what I am currently doing is:
Hi @potatosalad !
I've found an odd bug on OTP
public_key
module that makes RSA-OAEP broken here on JOSE.The bug report is here. What happens is that
public_key:decrypt_private/3
is not respecting the options passed to it. So, RSA-OAEP breaks here. Options is ignored.The fix would be to switch it to use
crypto:private_decrypt
directly. To do that we need to unwrap the private key becausecrypto
accepts a list of integers instead of the record. For a two-prime RSA private key what I am currently doing is:I hope this helps. Since I am not that familiar with Erlang tools (common test and so on) I haven't tried opening a PR for this fix.
The text was updated successfully, but these errors were encountered: