Test RSA-OAEP decryption using the google/wycheproof test vectors

Question

I am trying to test RSAOAEP decryption using [google/wycheproof](https://github.com/google/wycheproof/blob/master/testvectors/rsa_oaep_2048_sha256_mgf1sha256_test.json) test vectors.

Below is a snippet of the test vectors:

```json
"testGroups" : [
  {
    "privateKeyPem" : "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAorRRoH0KpfluRVZxUTVQUUqKW0YuvvcXCU+h/ugiJOY3+XRt\nP3yv0xh42AMltu9aFwD2WQO0aUKeidbqyIRQl7WrOTGJ25JRLtincRoSU/rNIPec\nFegkfz0+QuRuSMmOJUov6XZTE6A+/48X4aApOXofomqNzib0kO2BKZYV2YFMItph\nBCjgnH2WWFlCZvXAIdD87KCNlFoSvoLeTR7Oa0wDFFtdNJXU7VQR64eNrwX9evw+\nCa2g8RJkIvWQl1oZaYFvSGmLy7obTZyuedRg2Pn4Xnl1AF2bwixOWsD3waRdElaa\nYoB9O5oC5aUw53MGb0U9H1tMLpz3ggKD90K51QIDAQABAoIBAHYn7vNWeyonJo5S\nBT7NMcOnFyzLndzugZswals8ZrdXPKT6iO/G88SgC/oK5xOfZFQ6Taw9BYI/b/R3\nz87IT+KsemixcgSzkCMuEQMQxOiZxOfBCWfbSs3gQtu/GdvgC0tHQd4QIKqq/7UF\nTHl8nxNvfZOsP8jK/2ZUJC14IevuUXv1N/RDZqD91FrgW5kJwubMHtkoHv9Dmfds\nlrliM+wprgu/DXUrI0/BlzifUQUKoazQHAdMOsj7256otlGpWZXo20rVxDtshnPl\noSbn7pS43/TFr8ASWbyNp2lQuub4uucV9QmFsNb2bQTG/vO3AHIO7NzfFxu3sey+\nconEZ8ECgYEA3EMQUPeC6JT7UkgkfZjLfVi40eJPO1XQQcVuTeCGsNW7AovaQu61\n0jTVaB5YCdQV5qKJrUz794+Xj2w1gU9Q7r/xxbgKafeI6B5rq13ap4Np1lnRQ+xv\nF+eYE6V1z62cVpFWuQET4ukRCtnntIock0im5lMyEZEpDqNs+zpbGPECgYEAvRqB\n55d/mJgSInOuMiK1mOpfsZ606rw4MIpeMhlmA7LlAP+3n1uIaBZhHevEcvrEVUQH\nC+sFfJQTeKaGivO3oD0/mIDsR9XgiblPveVCq6mujXLFcIjXq/WxMfOQmPe8Fg+Q\nU2q8lJL9Tgbz7XKZ1Ll7sDZ3IH2VZp8UDPvCDyUCgYEAqUtSiyjykVmRIdkZUv/R\nx/IdfBR52Z1HiIX7Fhhw7hIYvwhHJhLb5Ul+jZxlBojgnHhpYa4+LDVNxIrjRRR1\nnEwjxFiEiJYdwGtBTmHA4ef7vSkj0xUy/iifltoiBxHljBQBmAjgBBQnaTO7B+Tv\nubSps3ZWkXIFIJ8z8JUV18ECgYA68OcqkzrvCf8lA994uv7VMcAv8aK8Q3xUDNy9\nStNUNc9RF2NZZUNIBimxFMp/eA/376MuoMtuAA1tnqHy73H9nPmUhCKhZVV+N+dV\n7f5w2QuSBQLrR4vJimP3iM46D4Vtbt5yUaODv6j6SAqBqSWvezzFOMS6uMn3WX/7\naAEdjQKBgCZA+/vP77Fj7nqHtkg6Zu5B+VbZD6ink5v8BC7gkksbeZPQRF91jVGT\nPoUXnAMgsMlotIqRw4tb6SPhCXwMVi+I1CKUtqJ1m6+lQop08ScIdORfb8xg8hYC\n3l7M0UPPMSQfWSG1rTmD+1TvF747KFNn5QyZnGcke1Uv5L/OlF97\n-----END RSA PRIVATE KEY-----",
    "privateKeyPkcs8" : "...",
    "sha" : "SHA-256",
    "type" : "RsaesOaepDecrypt",
    "tests" : [
      {
        "tcId" : 1,
        "comment" : "",
        "msg" : "",
        "ct" : "...",
        "label" : "",
        "result" : "valid",
        "flags" : []
      }
```

The private key is given in PEM and PKCS8 format.

Below is my sample code that I am trying, but it is throwing a "Data must not be longer than 256 bytes" error.

```java
public byte[] decrypt(JSONObject testVector, String privateKeyPkcs8) throws Exception {
    byte[] ciphertext = Base64.getDecoder().decode(testVector.getString("ct"));
    byte[] temp = HexFormat.of().parseHex(privateKeyPkcs8);
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(temp));
    String cipherTransformation = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    Cipher cipher = Cipher.getInstance(cipherTransformation);
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] plaintext = cipher.doFinal(ciphertext);
    return plaintext;
}
```

It looks like privateKeyPkcs8 is given in hex format, so I converted it into a byte array and extracted the private key from it.

Can you please help with what I am doing wrong here?
# Answer 1
**Score**: 1
There are two problems in the code:

- The ciphertext is hex encoded and therefore must be hex (and not Base64) decoded.
- The SunJCE provider defaults to SHA-1 for the MGF1 digest (the *SHA-256* in *RSA/ECB/OAEPWithSHA-256AndMGF1Padding* refers to the OAEP digest), so SHA-256 must be *explicitly* specified for the MGF1 digest via `OAEPParameterSpec`.
  For the role of the OAEP and MGF1 digests, see RFC8017, sec. 7.1. RSAES-OAEP.

Fix:

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HexFormat;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

String privateKeyPkcs8 = "..."; // hex-encoded privateKeyPkcs8 value from the test group
String testvector = "...";      // hex-encoded ct value from the test vector
byte[] ciphertext = HexFormat.of().parseHex(testvector); // Fix 1: hex decoding
byte[] key = HexFormat.of().parseHex(privateKeyPkcs8);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key));
OAEPParameterSpec oaepParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); // Fix 2: specify SHA256 as MGF1 digest
String cipherTransformation = "RSA/ECB/OAEPPadding";
Cipher cipher = Cipher.getInstance(cipherTransformation);
cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParameterSpec);
byte[] plaintext = cipher.doFinal(ciphertext);
System.out.println(new String(plaintext, StandardCharsets.UTF_8));
```

The plaintext is an empty byte[] (as specified in the test vector).

For completeness, unlike the SunJCE provider, the also commonly used BouncyCastle provider defaults to SHA-256 for the MGF1 digest when *RSA/ECB/OAEPWithSHA-256AndMGF1Padding* is applied.
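
An added example (not part of the original answer) that checks the MGF1 default described above on whatever JCE provider is installed: it prints the MGF1 digest the shorthand transformation resolves to, then decrypts a SHA-256/MGF1-SHA-256 ciphertext with and without an explicit `OAEPParameterSpec`. The class name `OaepMgf1DefaultCheck` and the freshly generated key are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example (hypothetical class name): shows which MGF1 digest a provider
// actually uses for "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
public class OaepMgf1DefaultCheck {
    static final String SHORTHAND = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key; no test-vector data is needed for this check.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Encrypt with SHA-256 for both the OAEP digest and the MGF1 digest.
        OAEPParameterSpec sha256Both = new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        Cipher enc = Cipher.getInstance("RSA/ECB/OAEPPadding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic(), sha256Both);
        byte[] ct = enc.doFinal(new byte[0]); // empty message, like tcId 1

        // 1) Ask the provider what the shorthand transformation resolves to.
        Cipher shorthand = Cipher.getInstance(SHORTHAND);
        shorthand.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        OAEPParameterSpec effective =
                shorthand.getParameters().getParameterSpec(OAEPParameterSpec.class);
        String mgfDigest = ((MGF1ParameterSpec) effective.getMGFParameters()).getDigestAlgorithm();
        System.out.println("provider=" + shorthand.getProvider().getName()
                + " oaepDigest=" + effective.getDigestAlgorithm() + " mgf1Digest=" + mgfDigest);

        // 2) Decrypt with the shorthand: fails when the provider's MGF1 digest is not SHA-256.
        try {
            shorthand.doFinal(ct);
            System.out.println("shorthand: decrypted");
        } catch (BadPaddingException e) {
            System.out.println("shorthand: BadPaddingException (MGF1 digest mismatch)");
        }

        // 3) Decrypt with both digests pinned: independent of provider defaults.
        Cipher pinned = Cipher.getInstance("RSA/ECB/OAEPPadding");
        pinned.init(Cipher.DECRYPT_MODE, kp.getPrivate(), sha256Both);
        System.out.println("pinned: decrypted " + pinned.doFinal(ct).length + " bytes");
    }
}
```

Going by the answer, SunJCE should report SHA-1 as the MGF1 digest and reject the ciphertext in step 2, while a BouncyCastle cipher should report SHA-256 and decrypt it.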

huangapple
  • Published on July 12, 2023, 21:18:32
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76671033.html