How to encode using RSA/NONE/OAEPWithSHA-1AndMGF1Padding? #464

Open
watson opened this issue Jan 3, 2017 · 7 comments

watson commented Jan 3, 2017

I'm trying to mimic the following Java code:

```java
byte[] data = ... // bytes to encode
PublicKey key = ... // a public key extracted from a pem encoded X.509 certificate
Cipher encoder = Cipher.getInstance("RSA/NONE/OAEPWithSHA-1AndMGF1Padding");
encoder.init(Cipher.ENCRYPT_MODE, key);
byte[] encoded = encoder.doFinal(data);
```

But I'm not sure I completely understand the documentation in the README.md file 😨 The following is based off a RSA/ECB/OAEPWithSHA-256AndMGF1Padding implementation that I found under the RSA section, but I'm not sure how to change it from ECB to NONE:

```javascript
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha1.create(),
  mgf: {
    md: forge.md.sha1.create()
  }
})
```

Btw, I've also seen this approach used, but I can't figure out if it's just two ways of writing the same thing:

```javascript
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha1.create(),
  mgf: forge.mgf.mgf1.create(forge.md.sha1.create())
})
```

@parsibox

I also have this question.
Please answer this question.

@dlongley
Member

The presence of "ECB" in "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" doesn't make any sense. "ECB" is a symmetric cipher mode and RSA-OAEP is an asymmetric cipher. So "ECB" has no effect whatsoever ... I presume it has the same meaning as "NONE".

If someone wants to put some runnable code into this issue for both the Java and JavaScript side demonstrating something not working properly, then others could help debug what the issue is.

@MartijnR

MartijnR commented Sep 21, 2018

> Btw, I've also seen this approach used, but I can't figure out if it's just two ways of writing the same thing:

Thanks for posting this. It helped me a lot. I found out they are not the same thing. The one that matches Java RSA/NONE/OAEPWithSHA-1AndMGF1Padding is:

```javascript
mgf: forge.mgf.mgf1.create( forge.md.sha1.create() )
```

The other one results in an exception during decryption: javax.crypto.BadPaddingException: data hash wrong

@TheCoderateKid

> > Btw, I've also seen this approach used, but I can't figure out if it's just two ways of writing the same thing:
>
> Thanks for posting this. It helped me a lot. I found out they are not the same thing. The one that matches Java RSA/NONE/OAEPWithSHA-1AndMGF1Padding is:
>
> ```javascript
> mgf: forge.mgf.mgf1.create( forge.md.sha1.create() )
> ```
>
> The other one results in an exception during decryption: javax.crypto.BadPaddingException: data hash wrong

Hi, I am unable to get RSA/NONE/OAEPWithSHA-1AndMGF1Padding working with this library. Any chance of an example of how this type of encryption is done with this library? I have used the suggested approach above to no avail.

```javascript
// this does not work
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha1.create(),
  mgf: forge.mgf.mgf1.create(forge.md.sha1.create())
})

// this does not work either
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha1.create(),
  mgf: {
    md: forge.md.sha1.create()
  }
})

// have tried this also
// this does not work either
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha256.create(),
  mgf: {
    md: forge.md.sha1.create()
  }
})
```

Thanks in advance.

@MartijnR

MartijnR commented Jan 6, 2023

This is the code we're using: https://github.com/enketo/enketo-express/blob/master/public/js/src/module/encryptor.js. Maybe that helps.

@TheCoderateKid

Thanks @MartijnR, this helped out a lot!!!

@TheCoderateKid

Just to note, my issue was I needed SHA-512, I did not see this in the documentation, so this worked for me:

```javascript
var encoded = publicKey.encrypt(data, 'RSA-OAEP', {
  md: forge.md.sha512.create(),
  mgf: forge.mgf.mgf1.create(forge.md.sha1.create())
})
```
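
One way to find out which OAEP label hash and MGF1 hash an encryptor actually used, which is the mismatch discussed in this thread. This is an added example, not code from any commenter or from forge; it assumes Node's built-in `crypto`, a throwaway test key, and hypothetical helper names (`mgf1`, `oaepDecode`, `identifyOaepParams`, `demo`).

```javascript
// Added example, not code from this thread or from forge; uses Node's built-in crypto only.
const crypto = require('crypto');
// MGF1 (RFC 8017, B.2.1): Hash(seed || counter) blocks, concatenated and truncated.
function mgf1(hashName, seed, len) {
  let out = Buffer.alloc(0);
  for (let i = 0; out.length < len; i++) {
    const counter = Buffer.alloc(4);
    counter.writeUInt32BE(i);
    out = Buffer.concat([out, crypto.createHash(hashName).update(seed).update(counter).digest()]);
  }
  return out.subarray(0, len);
}
const xor = (a, b) => Buffer.from(a.map((byte, i) => byte ^ b[i]));

// EME-OAEP decoding (RFC 8017, 7.1.2) with an empty label. Returns the message,
// or null when the padding check fails. Diagnostic use only: not constant-time.
function oaepDecode(em, labelHash, mgfHash) {
  const lHash = crypto.createHash(labelHash).update('').digest();
  const hLen = lHash.length;
  const maskedSeed = em.subarray(1, 1 + hLen);
  const maskedDB = em.subarray(1 + hLen);
  const seed = xor(maskedSeed, mgf1(mgfHash, maskedDB, hLen));
  const db = xor(maskedDB, mgf1(mgfHash, seed, maskedDB.length));
  // DB must be lHash || 00..00 || 01 || M; a wrong hash choice breaks the lHash match.
  const sep = db.indexOf(1, hLen);
  const ok = em[0] === 0 && db.subarray(0, hLen).equals(lHash) &&
    sep >= 0 && db.subarray(hLen, sep).every((b) => b === 0);
  return ok ? db.subarray(sep + 1) : null;
}

// Try every (label hash, MGF1 hash) pair and list the ones that decode the block.
function identifyOaepParams(em, hashes = ['sha1', 'sha256', 'sha512']) {
  const hits = [];
  for (const md of hashes)
    for (const mgf of hashes)
      if (oaepDecode(em, md, mgf) !== null) hits.push(`${md}/mgf1-${mgf}`);
  return hits;
}

// Constructed demo: encrypt with Node (OpenSSL applies oaepHash to the label hash and,
// by default, to MGF1), undo raw RSA with a throwaway test key, then probe the padding.
function demo(oaepHash) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const oaep = { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash };
  const raw = { key: privateKey, padding: crypto.constants.RSA_NO_PADDING };
  const ct = crypto.publicEncrypt(oaep, Buffer.from('constructed sample'));
  const em = crypto.privateDecrypt(raw, ct);
  return { em, params: identifyOaepParams(em) };
}
```

Running the same probe on a ciphertext produced by the JavaScript side, decrypted with a test private key, shows which parameter pair the Java side has to be configured for.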
