[gnutls-help] OAEP supported?

Sat Oct 3 10:55:55 CEST 2015

Hi,
  I'm going mad trying to encrypt/decrypt some data using RSA with OAEP padding.

The detail. I'm trying to implement the part of a database server
(Sybase) to support
sending encrypted password instead of plain one. The server send a
public rsa key in
this format:

and some random data.

It uses RSA with OAEP (the message is the random data plus the password).

I would like to implement with GnuTLS but I found some problems:
- gnutls_pubkey_import_x509_raw does not recognizing the format above
as the only prefix it uses
  is "PUBLIC KEY", not "RSA PUBLIC KEY". I'm actually working around using
  gnutls_pem_base64_decode and using directly nettle_rsa_key_from_der_iterator;
- nettle does not support OAEP so the workaround was to implement a
rsa_encrypt_oaep
  instead of the rsa_encrypt_tr.

Now... this solution uses really few GnuTLS but a lot of lower level
functions (nettle and gmp
directly). OAEP is not that new in the RSA world so I think I'm doing
something wrong with
GnuTLS. Is there a way to this stuff with GnuTLS? I don't understand
the relationship between
GnuTLS and p11-kit modules. Looking at the code p11-kit module
supports OAEP but is not clear
how to use this module do to RSA encryption.

Regards,
  Frediano