javax. crypto. Which padding does cipher use for RSA

Java

I need to decrypt messages through RSA to send messages through insecure channels, but I'm afraid of padding Oracle attack Therefore, I have asked the following questions:

> How to verify the integrity of RSA encrypted messages? > How to ensure message integrity for RSA ciphers by using javax. crypto. Cipher

As suggested in the first question,

I shouldn't think about it As far as I know, pkcs#1 v1 The RSA implementation of 5 is vulnerable to padding Oracle attacks, so oaep is not (assuming it has been implemented correctly)

Therefore, I would like to know the javax of Java 7 crypt. Which padding implementation does cipher use

Solution

It depends on the selected or default provider. When you instantiate a password without fully qualifying it, which padding is actually used:

Cipher.getInstance("RSA")

This is a bad practice, because if you switch the Java implementation, there may be different default values. Suddenly, you will no longer be compatible with the old ciphertext Always match the password exactly

As I said before, the default may be PKCs #1 v1.0 (there are many providers, one can't be sure) 5 filling If you need another, you must specify it If you want to use oaep, here is a fully qualified password string from here:

Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>