[gnutls-help] OAEP supported?
freddy77 at gmail.com
Sat Oct 3 10:55:55 CEST 2015
I'm going mad trying to encrypt/decrypt some data using RSA with OAEP padding.
The detail. I'm trying to implement the part of a database server
(Sybase) to support
sending encrypted password instead of plain one. The server send a
public rsa key in
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
and some random data.
It uses RSA with OAEP (the message is the random data plus the password).
I would like to implement with GnuTLS but I found some problems:
- gnutls_pubkey_import_x509_raw does not recognizing the format above
as the only prefix it uses
is "PUBLIC KEY", not "RSA PUBLIC KEY". I'm actually working around using
gnutls_pem_base64_decode and using directly nettle_rsa_key_from_der_iterator;
- nettle does not support OAEP so the workaround was to implement a
instead of the rsa_encrypt_tr.
Now... this solution uses really few GnuTLS but a lot of lower level
functions (nettle and gmp
directly). OAEP is not that new in the RSA world so I think I'm doing
something wrong with
GnuTLS. Is there a way to this stuff with GnuTLS? I don't understand
the relationship between
GnuTLS and p11-kit modules. Looking at the code p11-kit module
supports OAEP but is not clear
how to use this module do to RSA encryption.
More information about the Gnutls-help