The oaep padding is not compatiable to other lib.

[wenjoy]

I try to use this crate to encrypt data and decrypt use node's crypto and this online tool.

this is my example code:

use rsa::{PublicKey, RSAPublicKey, RSAPrivateKey, PaddingScheme};
use rand::rngs::OsRng;
use sha2::Sha256;

pub fn encrypt_(key: &[u8], plaintext: &[u8]) -> Vec<u8> {
  let mut rng = OsRng;
  let data = plaintext;
  let public_key = RSAPublicKey::from_pkcs8(key).expect("get private key error");
  let padding = PaddingScheme::new_oaep::<Sha256>();
  let enc_data = public_key.encrypt(&mut rng, padding, &data[..]).expect("failed to decrypt");
  enc_data
}

then try to decrypt by crypto

const crypto = require('crypto');
const fs = require('fs');
const privateKey = fs.readFileSync('./private.pem');
const publicKey = fs.readFileSync('./public.pem');
const cipher = fs.readFileSync('./cipher') // I persisted the encrypt data into this file without base64 encoded

function decryptOthers() {
  const plainText = crypto.privateDecrypt(privateKey, cipher);
  console.log('plainText: ', plainText.toString());
}

then I got this error error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

here is my private.pem

-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC3tiVTqKHkGZAl
bW9NsOjT87HkoIjlQM8el9qhsSBZJRzZr3cbZuV57qbhC2Nls7RurYGjd6+sNL4d
mcbjzpaSSUK9WxRi/t0Uc5cAeUiPWJ4tsf4C+zPg3cA/PE4UhbOcJxsXMQ6QMCSg
9Kvqbx6IGtejvMGLsnBc9lQrY5mKzmJBEtQ8FGyZDIDWhYCvhD8PJf/VCWLh9eMM
6sQrZlO84BB5rB1iu4K23zr4CUT5hT7855FCfAhCguT+S4hy+LZTTzoObwDtT8Qo
SarCh9Y8Tu463orkYjz3h/soHci8Vryue3gvcu8l9pC/cTYZp61vEKTPLHGHbNea
Tx5WrffjAgMBAAECggEATLsyWf/sJmaa81cDDzMd/DEkEzcOFpr8J24Lrk9aEIHU
zANivzo6DLSmVQa5rGfjq/qiVBGQeV/KLHjnPo0yDMW2r3pUSIjk9D7XSiZeLSk5
YCKg0sPzRi+4tXDNt/qkK0uWIBioWYcSNXwcNh3VZcm4WbZkLKIKFnn4a+r83aFi
8j2qsMe1u0qbTUiEJjXDI6wJNJkUj/MVaBbkM0O8GPIrTbGLSSElHa843kRrnkCL
/w8xALywKJcLoYD4gruapDZIZ7kQ7dmccnghZOt+yfNsa9NX5Eiv0sYBtSgaSKfI
tbiitP5gUtTtHszDiliDjkMWlufVht5vVPjSQDl/gQKBgQDbi3WqcMXOX4+qBzy9
WT8kP8BB0tKgHpjTuyfFCUyXnfBQSngEH4LOpm73bSbl4dfvk8P+6NTLgfZDpNJt
qyFD8zW6nl6cmXpFBnW0LRRd1DY9JgqxEyMHTAWgaUWkwTz06MwU1eScj/7INV5l
5nQ7+ebW7qZaoiXy1aSmcA+KwQKBgQDWN3bw7Zkh25//hW5TvSCNgKGBI1irsNcH
akMLm5GNikUpq4i/En35MqfGGIWZD50g4J83tWSHSYfBc2RXqEuW2duPrFqRby8x
CjLfFyPimPz6OSUIAwOsCZhAxc3eHLsakpS9S0/H6ucqMGenbEvOiwN4eNmLjwo2
0kM+wgtfowKBgAtHe/EYwCDdKf1bR9SWjDbpi5AWK7oMOF/QYretxaCYfasyWD4l
/Etvo43UrsXqt3RYjB5BigU2lRdelW0K+LeL/DutPUEgZXa8YTmzgzNa3rp/hNca
G5eZYUSfg/N19hLDDxEW+BrPDxDsJQBpOZmHOkPamPNZF0gFj+L5KONBAoGALz6w
VtawLU147iwJdyKBKXQzKn4XMlagNhxziP3YjjTuqBAS6sEzU2CerAwAew98giHI
O8sfzs6iyEGg4cxWT4Dg8cD7gJPa/p/XNGiwG2vOb4lm52tyxeCf2blGfDQt9+BY
OZ+AiwD91soyMjSqS3VRYKKWqDb1871P42l8hK0CgYAv1ncq/QPZMM6yg97hHCNL
dXIlRASa1G8tHJGxdz0O0z1+tMwHR6GgN9cgKTT8I6VvhhQfQs8Lj0+itMcVnVbt
lVVqu1DNdnAT+VLFECOyxbn28GKeKBWLVih7DXCAz4UhwiYlAmdMnqCFcDy2XBs9
ZINP8KKsJFd50ijb8hRo5w==
-----END PRIVATE KEY-----

and public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7YlU6ih5BmQJW1vTbDo
0/Ox5KCI5UDPHpfaobEgWSUc2a93G2blee6m4QtjZbO0bq2Bo3evrDS+HZnG486W
kklCvVsUYv7dFHOXAHlIj1ieLbH+Avsz4N3APzxOFIWznCcbFzEOkDAkoPSr6m8e
iBrXo7zBi7JwXPZUK2OZis5iQRLUPBRsmQyA1oWAr4Q/DyX/1Qli4fXjDOrEK2ZT
vOAQeawdYruCtt86+AlE+YU+/OeRQnwIQoLk/kuIcvi2U086Dm8A7U/EKEmqwofW
PE7uOt6K5GI894f7KB3IvFa8rnt4L3LvJfaQv3E2GaetbxCkzyxxh2zXmk8eVq33
4wIDAQAB
-----END PUBLIC KEY-----

and I also tried on this online tool. still no lucky.

but if:

1. I encrypt with node's crypto then decrypt with this online tool. it works.
2. I encrypt with this rust lib,but use pkcs1 padding, and select pkcs1 in online tool. it works.

So I can infer that it's the oaep padding lead to incompatible.

[dignifiedquire]

• the online tool seems to only support oeap with sha1, but your rust code shows using sha2
• the default in nodejs is sha1 one as well see https://nodejs.org/api/crypto.html#crypto_crypto_privatedecrypt_privatekey_buffer

  oaepHash The hash function to use for OAEP padding and MGF1. Default: 'sha1'

[wenjoy]

@dignifiedquire Thanks for rapidly reply. I thought is the sha1 issue. But I cant figure out how to use sha1 in this crate.

use rsa::{PublicKey, RSAPublicKey, RSAPrivateKey, PaddingScheme};
use rand::rngs::OsRng;
use sha1::Sha1;

pub fn encrypt_(key: &[u8], plaintext: &[u8]) -> Vec<u8> {
  let mut rng = OsRng;
  let data = plaintext;
  let public_key = RSAPublicKey::from_pkcs8(key).expect("get private key error");
  // pkcs#1 padding
  // let padding = PaddingScheme::new_pkcs1v15_encrypt();
  let padding = PaddingScheme::new_oaep::<Sha1>();
  let enc_data = public_key.encrypt(&mut rng, padding, &data[..]).expect("failed to decrypt");
  enc_data
}

I tried this, but it complain. And I cant find out what other than Sha256 I can adapt, after go through the document.

[tarcieri]

Note: SHA-1 is cryptographically broken and unsuitable for use in any secure context.

[wenjoy]

@tarcieri Thanks. But I do need to interact with some legacy code. Is there any way I can use this lib to achieve?

[dignifiedquire]

@wenjoy what is the issue you are encountering with passing Sha1? We do have a test making sure the code does work with Sha1: https://github.com/RustCrypto/RSA/blob/master/src/key.rs#L904

[wenjoy]

@dignifiedquire I got this error:

the trait bound `sha1::Sha1: digest::Update` is not satisfied

the trait `digest::Update` is not implemented for `sha1::Sha1`

But the link you post inspired me to check the dependencies, then I solved it!

Thanks so much @dignifiedquire !

That's the thing. Previously my dependencies likes this:

sha1 = "*

after compare with this lib's , I found it should be this:

sha-1 = "*"

Now it works like a charm. But I have to say why its name so weird. Just following sha2 sha3 wouldn't be nice?

Anyway, thanks again @dignifiedquire.

[newpavlov]

@wenjoy
See the following remark in the hashes repository: https://github.com/RustCrypto/hashes#crate-names

[dignifiedquire]

glad to hear it is working now @wenjoy

[wenjoy]

@newpavlov Now that does make sense. Thanks buddy.