Add support for mixed hashing (RSA/ECB/OAEPWithSHA-256AndMGF1Padding) about bc-csharp HOT 6 CLOSED

maybe this pull request will help: https://github.com/bcgit/bc-csharp/pull/54/files

from bc-csharp.

Just one thing with this one - which Java provider is being talked about here? The BC one, in line with the recommended practice with OAEP, defaults to the same mask generation digest as the base one.

Fabio's patch will obviously help with this, but I am wondering about the usage at the Java end - if possible OAEP should be configured to use the same digest in both roles.

from bc-csharp.

I'm talking about the SUN provider, which, when using the default cipher initialisation, doesn't use the same digest algorithm for both OAEP and MGF. You are completely right that changing the configuration on the java side (setting both digest the same) is the best solution. But as you know, sometimes legacy application need much time to perform such a change...

I tested the pull request of Fabio and worked as intended. Maybe you could add a warning when using incongruent digests that suggest the users to be compliant with recommendation at some point.

from bc-csharp.

BTW: There is an open issue in OpenJDK targeting this very problem: https://bugs.openjdk.java.net/browse/JDK-7038158

from bc-csharp.

Is there anything missing in this issue and related pull request? I know it's an old one but still would be great to have this merged.

from bc-csharp.

So I've just checked and the sun provider is still doing this. I'd say this issue will never be fixed, the other weird thing the cipher implementation is using BER for the parameters encoding... Anyway, I've merged the patch.

from bc-csharp.