The client is encrypting the session/symmetric key (AES-256-CBC) using the following:
RSA-OAEP with SHA-256 as the OAEPDigestAlgorithm and SHA-256 as the algorithm for the Mask Generation Function (MGF1).
RSA public key (2048-bit).
At the DataPower end, we are trying to decrypt the key as below:
dp:decrypt-key(<Base64EncodedEncryptedKey>,<RSA_Private_Key_Crypto_Object>,'http://www.w3.org/2009/xmlenc11#rsa-oaep','','http://www.w3.org/2001/04/xmlenc#sha256','http://www.w3.org/2009/xmlenc11#mgf1sha256')
ISSUE: At the DataPower end, key decryption is failing with the error "Key Decryption Failed".
HOWEVER
If the client encrypts the session/symmetric key (AES-256-CBC) using the following:
RSA-OAEP with SHA-1 as the OAEPDigestAlgorithm and SHA-1 as the algorithm for the Mask Generation Function (MGF1)
DataPower is able to decrypt the encrypted key using the following:
dp:decrypt-key(<Base64EncodedEncryptedKey>,<RSA_Private_Key_Crypto_Object>,'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p','','http://www.w3.org/2000/09/xmldsig#sha1')
Any insight will be highly appreciated.
------------------------------
Varun Rathore
------------------------------
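
Added example, not part of the original post: RSA-OAEP takes the label digest and the MGF1 hash as two separate parameters, and decryption succeeds only when both match what the sender actually used. The Python code below implements OAEP as specified in RFC 8017 with the standard library only and tries all four SHA-1/SHA-256 combinations against a ciphertext to report which pair produced it. The toy key built from two Mersenne primes and all function names are assumptions made for this example.

```python
import hashlib, os
from itertools import product

# Constructed toy key from two Mersenne primes: insecure, demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def mgf1(seed, length, hash_name):
    """MGF1 mask generation (RFC 8017, B.2.1)."""
    size = hashlib.new(hash_name).digest_size
    blocks = (hashlib.new(hash_name, seed + c.to_bytes(4, "big")).digest()
              for c in range(-(-length // size)))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encrypt(msg, digest, mgf, label=b""):
    h_len = hashlib.new(digest).digest_size
    l_hash = hashlib.new(digest, label).digest()
    db = l_hash + b"\x00" * (K - len(msg) - 2 * h_len - 2) + b"\x01" + msg
    seed = os.urandom(h_len)
    masked_db = xor(db, mgf1(seed, len(db), mgf))
    masked_seed = xor(seed, mgf1(masked_db, h_len, mgf))
    em = b"\x00" + masked_seed + masked_db
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def oaep_decrypt(ct, digest, mgf, label=b""):
    """Return the plaintext, or None when the OAEP parameters do not match.
    Not constant time: suitable for offline diagnosis only."""
    h_len = hashlib.new(digest).digest_size
    em = pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = xor(masked_seed, mgf1(masked_db, h_len, mgf))
    db = xor(masked_db, mgf1(seed, len(masked_db), mgf))
    l_hash, rest = db[:h_len], db[h_len:].lstrip(b"\x00")
    ok = (em[0] == 0 and rest[:1] == b"\x01"
          and l_hash == hashlib.new(digest, label).digest())
    return rest[1:] if ok else None

def matching_parameters(ct):
    """List every (digest, MGF1 hash) pair under which ct decrypts."""
    names = ("sha1", "sha256")
    return [(d, m) for d, m in product(names, names)
            if oaep_decrypt(ct, d, m) is not None]
```

Running `matching_parameters` on a test ciphertext produced by the client, encrypted to a throwaway key pair, shows which digest and MGF1 hash the client library really applies, which can then be compared with the URIs passed to `dp:decrypt-key`.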