RSA PKCS#1 v2.2 – OAEP & SHA256

Solved | 1.22K views | Cryptography and Security

Looking for examples (test vectors) in using RSA PKCS#1 v2.2 OAEP with MGF1 and SHA256.

Thanks.

Question is closed for new answers.
admin Selected answer as best September 2, 2021

Hello,
After some tests with OpenSSL I’m sharing some use cases below.

Ref:
https://www.openssl.org/docs/man1.1.1/man1/openssl-pkeyutl.html

Generate a 3072-bit RSA key
—————————-
OpenSSL> genrsa -f4 -out key3072.pem 3072

Print RSA key to text file
————————–
OpenSSL> rsa -in key3072.pem -out key3072.pem.txt -text

ASN.1 parse key and export to PEM format file
———————————————
OpenSSL> asn1parse -inform PEM -i -in key3072.pem -out key3072.der

Encrypt / Decrypt with PKCS#1 v1.5 method (EME-PKCS1-v1_5)
———————————————————-
OpenSSL> rsautl -encrypt -inkey key3072.pem -in TestKey.bin -out TestKey.bin.enc
OpenSSL> rsautl -decrypt -inkey key3072.pem -in TestKey.bin.enc -out TestKey.bin.dec

Encrypt / Decrypt with PKCS#1 v2.2 OAEP method (EME-OAEP-ENCODE)
—————————————————————-
MGF Hash Function SHA1
Padding SHA1
OpenSSL> pkeyutl -encrypt -inkey key3072.pem -in TestKey.bin -out TestKey.bin.oaep3.enc -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1
OpenSSL> pkeyutl -decrypt -inkey key3072.pem -in TestKey.bin.oaep3.enc -out TestKey.bin.oaep3.dec -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1

Encrypt / Decrypt with PKCS#1 v2.2 OAEP method (EME-OAEP-ENCODE)
—————————————————————-
MGF Hash Function SHA1
Padding SHA-256
OpenSSL> pkeyutl -encrypt -inkey key3072.pem -in TestKey.bin -out TestKey.bin.oaep1.enc -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1
OpenSSL> pkeyutl -decrypt -inkey key3072.pem -in TestKey.bin.oaep1.enc -out TestKey.bin.oaep1.dec -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1

Encrypt / Decrypt with PKCS#1 v2.2 OAEP method (EME-OAEP-ENCODE)
—————————————————————-
MGF Hash Function SHA-256
Padding SHA-256
No OAEP Encoding Parameters
OpenSSL> pkeyutl -encrypt -inkey key3072.pem -in TestKey.bin -out TestKey.bin.oaep2.enc -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
OpenSSL> pkeyutl -decrypt -inkey key3072.pem -in TestKey.bin.oaep2.enc -out TestKey.bin.oaep2.dec -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256

Decrypt with PKCS#1 v2.2 OAEP method (EME-OAEP-ENCODE)
——————————————————
MGF Hash Function SHA-256
Padding SHA-256
OAEP Encoding Parameters = 39383736
OpenSSL> pkeyutl -decrypt -inkey key3072.pem -in TMK.HSM.2.oaep.enc.bin -out TMK.HSM.2.oaep.dec.bin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -pkeyopt rsa_oaep_label:39383736

So my case may be closed.

1

As in the comment by OSSONA_L

0