Comments (9)
To add some weight to this issue, many implementations of RSA-OAEP out there (including the recommended implementation of WebCrypto) are using SHA-256 for hashing and MGF.
The implementation currently in pointycastle hardcodes SHA1 for those, which breaks interoperability between, say, a native Flutter and a web-based application.
I tried playing in the internals of asymmetric/oaep.dart, but I'm not a cryptographer, so I feel clueless to help, unfortunately.
from pc-dart.
Thanks @mwcw! I did a quick implementation that seems to work, although I'm not sure it's up to the PointyCastle standard right now: braverhealth@0be621f
To avoid clashing with existing API, I simply added an entirely new class that is a copy of pretty much the entire existing SHA1-based OAEP class, but using SHA-256 where appropriate. Tests against a reference implementation (from a Python equivalent library) indicate that encryption/decryption work fine with this minimal change.
If you don't have bandwidth to tackle that now, I can open a PR in a couple days to clean things up.
Maybe I'm out of line here, and asymmetric encryption isn't my specialty, but can we generalize OAEP to work with any hashing algorithm underneath? We do have a Digest class, so if users can pass a digest, we can do something similar to the PBKDF2 construction (or whatever).
Hi,
Thanks, I'll see how I go getting to it.
MW
> I think that we likely have to preserve SHA-1 as the default (in the interest of not breaking all RSA-OAEP code). Providing multiple OAEP classes seems ridiculous (the digest is already declared as a top-level field, we can literally just provide access to that through a parameter).
This can be mitigated with a major version change. Using SHA-1 makes encryption vulnerable - see the comment here - https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams
> We should probably use: "RSA/OAEP/___", where the empty space is the hashing algorithm, for the registry. If a consumer is accessing the class directly, we can provide an optional "digest" parameter in the constructor which defines the hashing algorithm to use.
That might be ok as long as the default is secure. Preserving backwards compatibility in the face of existing security vulnerability is wrong.
I believe that this issue should be treated as a disclosed security vulnerability and the OAEP implementation here should not be used until this issue is fixed. It also deserves a notice in the readme, once the major version change is released, that the OAEP implementation in previous versions is insecure.
I opened a PR (#98) with the mentioned changes. We are actively using it in a production app and encryption is compatible with other implementations.
@AKushWarrior it could in theory, but in practice and through different recommendations, SHA256 is most often used as the Hash function as well as in the MGF1 hash generation. SHA1 is considered less secure and I've never seen other hash functions used in place of those.
I think that we likely have to preserve SHA-1 as the default (in the interest of not breaking all RSA-OAEP code). Providing multiple OAEP classes seems ridiculous (the digest is already declared as a top-level field, we can literally just provide access to that through a parameter).
We should probably use: "RSA/OAEP/___", where the empty space is the hashing algorithm, for the registry. If a consumer is accessing the class directly, we can provide an optional "digest" parameter in the constructor which defines the hashing algorithm to use.
Though this allows novel constructions (which are discouraged), I think that this library is not strongly opinionated when it comes to "best practices"; we provide the tools and have faith that client programmers know enough not to shoot themselves in the foot.
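An added example, written for this thread and not taken from pc-dart or PointyCastle, in Python rather than Dart so it can be checked against the Python reference implementation mentioned earlier: an EME-OAEP (RFC 8017, section 7.1) encoder and decoder in which the label hash and the MGF1 hash are parameters, the way the optional "digest" constructor argument above would work, plus a registry map in the "RSA/OAEP/<digest>" shape proposed above. The registry names, the `k` modulus size and the sample messages are assumptions made for this example; RSA itself is left out because the incompatibility described at the top of the thread lives entirely in the padding layer. Encoding with SHA-256 and decoding with the SHA-1 default fails with a decryption error, which is exactly the Flutter/Web interoperability break reported.

```python
import hashlib
import hmac
import os

# Registry-style names (assumed for this example; pc-dart's real registry may
# differ) mapped to hashlib digest names. The bare "RSA/OAEP" entry models the
# legacy SHA-1 default discussed in the thread.
OAEP_REGISTRY = {
    "RSA/OAEP": "sha1",
    "RSA/OAEP/SHA-1": "sha1",
    "RSA/OAEP/SHA-256": "sha256",
    "RSA/OAEP/SHA-384": "sha384",
    "RSA/OAEP/SHA-512": "sha512",
}


def digest_for(registry_name: str) -> str:
    """Resolve a registry name such as 'RSA/OAEP/SHA-256' to a hashlib name."""
    return OAEP_REGISTRY[registry_name]


def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    """MGF1 mask generation function (RFC 8017 B.2.1), parameterised by digest."""
    h_len = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((length + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message: bytes, k: int, hash_name: str = "sha1",
                mgf_hash_name: str = None, label: bytes = b"",
                seed: bytes = None) -> bytes:
    """EME-OAEP encoding for a k-byte modulus (RFC 8017 7.1.1, step 2).

    hash_name is the label hash; mgf_hash_name defaults to the same digest,
    which is what WebCrypto and most other implementations do. A fixed seed may
    be supplied for deterministic tests; production callers must leave it None.
    """
    mgf_hash_name = mgf_hash_name or hash_name
    h_len = hashlib.new(hash_name).digest_size
    if len(message) > k - 2 * h_len - 2:
        raise ValueError("message too long")
    l_hash = hashlib.new(hash_name, label).digest()
    ps = b"\x00" * (k - len(message) - 2 * h_len - 2)
    db = l_hash + ps + b"\x01" + message                   # k - hLen - 1 bytes
    seed = os.urandom(h_len) if seed is None else seed
    if len(seed) != h_len:
        raise ValueError("seed must be hLen bytes")
    masked_db = _xor(db, mgf1(seed, k - h_len - 1, mgf_hash_name))
    masked_seed = _xor(seed, mgf1(masked_db, h_len, mgf_hash_name))
    return b"\x00" + masked_seed + masked_db


def oaep_decode(em: bytes, k: int, hash_name: str = "sha1",
                mgf_hash_name: str = None, label: bytes = b"") -> bytes:
    """EME-OAEP decoding (RFC 8017 7.1.2, step 3).

    All checks are evaluated before a single, uniform 'decryption error' is
    raised, as the RFC requires, so the caller cannot tell which one failed.
    """
    mgf_hash_name = mgf_hash_name or hash_name
    h_len = hashlib.new(hash_name).digest_size
    if len(em) != k or k < 2 * h_len + 2:
        raise ValueError("decryption error")
    y, masked_seed, masked_db = em[0], em[1:1 + h_len], em[1 + h_len:]
    seed = _xor(masked_seed, mgf1(masked_db, h_len, mgf_hash_name))
    db = _xor(masked_db, mgf1(seed, k - h_len - 1, mgf_hash_name))
    l_hash_ok = hmac.compare_digest(db[:h_len], hashlib.new(hash_name, label).digest())
    rest = db[h_len:]
    idx = rest.find(b"\x01")                               # end of the zero PS
    ps_ok = idx != -1 and all(b == 0 for b in rest[:idx])
    if y != 0 or not l_hash_ok or not ps_ok:
        raise ValueError("decryption error")
    return rest[idx + 1:]


def interop_check(k: int = 128, message: bytes = b"constructed sample") -> str:
    """Encode as a WebCrypto-style SHA-256 peer would, decode with the SHA-1 default."""
    em = oaep_encode(message, k, hash_name=digest_for("RSA/OAEP/SHA-256"))
    try:
        oaep_decode(em, k, hash_name=digest_for("RSA/OAEP"))
        return "decoded"
    except ValueError:
        return "decryption error"


if __name__ == "__main__":
    k = 128  # assumed 1024-bit modulus, chosen only to keep the example small
    for name in ("RSA/OAEP", "RSA/OAEP/SHA-256"):
        em = oaep_encode(b"constructed sample", k, hash_name=digest_for(name))
        print(name, len(em), oaep_decode(em, k, hash_name=digest_for(name)))
    print("SHA-256 encode / SHA-1 decode:", interop_check())
```

The padding budget is the other side of the same coin: with a 128-byte modulus, SHA-1 leaves room for 86 bytes of message while SHA-256 leaves 62, so a message that encodes fine under the old default can fail with "message too long" once the digest is switched, which is worth remembering when the default changes in a major version.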
Have you looked at the PR? Maybe it'd be more constructive to discuss there? Your comment seems out of date with the current situation.