paragonie / EasyRSA

Simple and Secure Wrapper for phpseclib
https://paragonie.com
MIT License

RSA encryption doesn't actually use RSAES-OAEP + MGF1+SHA256(?) #14

Closed M-FF-M closed 7 years ago

M-FF-M commented 7 years ago

I wrote a Java library compatible with EasyRSA. It is working but I had to change the code of the function getRsa (line 39 in EasyRSA.php) - I added the following lines: after line 44: $rsa->setHash('sha256'); after line 47: $rsa->setEncryptionMode($mode);

Before adding those lines, I wasn't able to decrypt the RSA part with Java, but after adding them I could decrypt the RSA part with algorithm "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".

So, my question is: Is the code in EasyRSA.php wrong or is it supposed to be different from Java algorithm "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"?

M-FF-M commented 7 years ago

Just to be sure, I checked my code again - it's actually not necessary to add the line $rsa->setEncryptionMode($mode); to make the RSA encryption compatible with Java's "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", you only have to add $rsa->setHash('sha256').

Thus, I think my last post is irrelevant (as I can't say which hashing algorithm is supposed to be used in connection with RSA from the comments in the source code).

paragonie-scott commented 7 years ago

> I wrote a Java library compatible with EasyRSA

EasyRSA is never meant to be compatible with anything except itself. If you need cross-platform compatibility, please use libsodium instead.

M-FF-M commented 7 years ago

> EasyRSA is never meant to be compatible with anything except itself. If you need cross-platform compatibility, please use libsodium instead.

I would if I could. But it's only a private project anyway (more for fun and to get familiar with the most common encryption algorithms than for real security).

paragonie-scott commented 7 years ago

That's fine, but:

What's stopping you from using libsodium? It being a private project doesn't tell me much. If it's the inability to install PHP extensions in your production environment, see https://github.com/paragonie/sodium_compat for a polyfill.

M-FF-M commented 7 years ago

Great, I didn't know about the polyfill. I read an article somewhere (I can't remember where exactly) which said that you have to install a PHP extension to use libsodium, and EasyRSA.php was actually mentioned as an alternative if you couldn't install extensions. That's why I was trying to use EasyRSA.php.

I will use libsodium now, thanks!

PS: It was still a nice exercise to write an EasyRSA.php-compatible Java library even though I probably committed a lot of security mistakes I don't know about.

paragonie-scott commented 7 years ago

I might need to update one of our older blog posts, it sounds like something I wrote last year.

> PS: It was still a nice exercise to write an EasyRSA.php-compatible Java library even though I probably committed a lot of security mistakes I don't know about.

100% agreed. http://www.cryptofails.com/post/75204435608/write-crypto-code-dont-publish-it

jimmykane commented 7 years ago

Yep. It's that blog post. I reached here via that blog post. Thanks
