Hi! I stumbled into some encrypted data that the pkcs7 library was unable to decrypt because it only supports `rsa.DecryptPKCS1v15` for decrypting the content key. My data was encrypted using `1.2.840.113549.1.1.7 - id-RSAES-OAEP`, which must be decrypted using `rsa.DecryptOAEP`.
Modifying the following (decrypt.go) solves my problem:
```go
var contentKey []byte
contentKey, err := rsa.DecryptPKCS1v15(rand.Reader, pkey, recipient.EncryptedKey)
if err != nil {
	return nil, err
}
return data.EncryptedContentInfo.decrypt(contentKey)
```
My changes:
```go
var contentKey []byte
var err error
switch {
case recipient.KeyEncryptionAlgorithm.Algorithm.Equal(OIDEncryptionAlgorithmidRSAESOAEP): // new algorithm
	contentKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, pkey, recipient.EncryptedKey, nil)
case recipient.KeyEncryptionAlgorithm.Algorithm.Equal(OIDEncryptionAlgorithmRSA):
	contentKey, err = rsa.DecryptPKCS1v15(rand.Reader, pkey, recipient.EncryptedKey)
default:
	err = errors.New("unsupported inner key encryption mechanism")
}
if err != nil {
	return nil, err
}
return data.EncryptedContentInfo.decrypt(contentKey)
```
I don't know if there are any other ramifications to my changes, other than that you'd have to add a switch to the Encrypt function as well, but they solve my specific problem.