如何正确使用 Bouncy Castle 的 OAEPEncoding for RSA(轻量级 API)

发布于 2024-09-06 21:07:57 字数 1168 浏览 5 评论 0原文

我一直在尝试 Bouncy Castle 的 RSA(轻量级 API)实现并了解了基础知识。查看他们的 JCE 提供程序实现的 spec,我注意到不同的填充方案可以与 RSA 一起使用。据我了解,默认情况下使用空填充。因此我开始探索 OAEP 填充,特别是 OAEPWithSHA512AndMGF1Padding。使用Google搜索并不是很有帮助,所以我开始挖掘BC的源代码并发现org.bouncycastle.jce.provider.JCERSACipher 类。但是看着 initFromSpec 很快就让我头疼了……具体来说,我不明白可以传递给 OAEPEncoding 构造函数的最后两个参数是什么。根据 BC 的 API,OAEPEncoding 构造函数允许四个参数接受 Digest mgf1Hashbyte[]encodingParams 作为最后两个参数。这让我很困惑,因为我不知道如何获取掩码生成算法的实例,也不了解称为 encodingParams 的字节数组背后的目的。下面代码中 arg3arg4 的值应该是多少?

RSABlindedEngine rsa = new RSABlindedEngine();
SHA512Diges sha512 = new SHA512Digest();
Digest arg3 = ???;
byte[] arg4 = ???;
AsymmetricBlockCipher cipher = new OAEPEncoding(rsa, sha512, arg3, arg4);

I've been playing around with Bouncy Castle's implementation of RSA (Lightweight API) and got the basics figured out. Looking at their spec for JCE provider implementation I noticed that different padding schemes can be used with RSA. From what I understand, by default null padding is used. So I began exploring OAEP padding, particularly OAEPWithSHA512AndMGF1Padding. Searching with Google wasn't very helpful so I began digging through BC's source code and found org.bouncycastle.jce.provider.JCERSACipher class. But looking at initFromSpec quickly gave me a headache... Specifically, I don't understand what the last two parameters that can be passed to the OAEPEncoding constructor are. According to BC's API the OAEPEncoding constructor that allows four parameters accepts Digest mgf1Hash and byte[] encodingParams as the last two arguments. This stumped me because I have no idea how to get a hold of an instance of the mask generation algorithm nor do I understand the purpose behind the byte array referred to as encodingParams. What should be the values of arg3 and arg4 in the code below?

RSABlindedEngine rsa = new RSABlindedEngine();
SHA512Diges sha512 = new SHA512Digest();
Digest arg3 = ???;
byte[] arg4 = ???;
AsymmetricBlockCipher cipher = new OAEPEncoding(rsa, sha512, arg3, arg4);

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

南渊 2024-09-13 21:07:57

OAEP 由 PKCS#1 第 7.1 节 指定。

OAEP 需要以下参数:

  • 哈希函数;
  • “掩码生成函数”,可以被认为是具有无限输出长度的哈希函数;
  • “标签”(任意字节序列)。

只有一个定义的掩码生成函数,称为 MGF1,并且该函数是基于哈希函数构建的。因此,您的 arg3 是 MGF1 将使用的哈希函数。它可能是与第一个哈希函数相同的哈希函数(我不确定它可能是 Bouncy Castle API 中的相同 Digest 实例;我在这里用数学方法进行讨论)。它也可能是另一个哈希函数。

标签可以用作实例之间的一种区分器(例如,您可以使用标签中编码的明确“目的”来加密数据)。它在一些数学证明中很方便,但现在 PKCS#1 建议使用空字符串并用它来完成。出于 PKCS#1 中描述的目的,空标签与任何标签一样好。

解密过程必须知道这些参数才能进行操作。通常将它们编码在加密消息附带的结构中,并表示“这是使用 RSA/OAEP 加密的”;这就是 CMS 中发生的情况。

如有疑问,请对 MGF1 使用与第一个参数相同的哈希函数,并使用空标签。

OAEP is specified by PKCS#1, section 7.1.

OAEP requires the following parameters:

  • a hash function;
  • a "mask generation function" which can be thought of as a hash function with unlimited output length;
  • a "label" (an arbitrary sequence of bytes).

There is only one defined mask generation function, called MGF1, and that function is built over a hash function. So your arg3 is the hash function which MGF1 will use. It may be the same hash function than the first one (I am not sure it may be the same Digest instance in the Bouncy Castle API; I am talking mathematically here). It may also be another hash function.

The label can be used as a kind of distinguishers between instances (e.g. you could encrypt data with an explicit "purpose" encoded in the label). It is handy in some mathematical proofs, but right now PKCS#1 recommends using an empty string and be done with it. For the purposes described in PKCS#1, an empty label is as good as any.

The decryption process must know those parameters to operate. It is customary to encode them in the structure which comes along with the encrypted message and says "this is encrypted with RSA/OAEP"; that's how it happens in CMS.

When in doubt, use the same hash function as first parameter and for MGF1, and use an empty label.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文