@ptrgits ptrgits commented Aug 12, 2025

Description of Fix
This update enhances the security of RSA encryption and decryption operations by ensuring that OAEP padding is consistently used instead of PKCS1Padding.

The following changes have been made:

  1. decryptAsymmetric method in DecryptionHelper.java

    • Updated the cipher initialization to use OAEP padding by replacing the ASYMMETRIC_CIPHER constant with the explicit transformation string "RSA/ECB/OAEPWithSHA-1AndMGF1Padding".
    • No other changes were made to the method’s logic.
  2. ASYMMETRIC_CIPHER constant in YotiConstants.java

    • Changed the value from PKCS1Padding to OAEP padding, setting it to "RSA/NONE/OAEPWithSHA1AndMGF1Padding".
    • This ensures that all usages of ASYMMETRIC_CIPHER across the codebase (including in DecryptionHelper.java) use OAEP padding for RSA decryption by default.
    • No additional changes are required unless compatibility with legacy systems using PKCS1Padding is explicitly needed (not applicable in the current context).
  3. encryptAsymmetric method in DecryptionHelper.java

    • Modified the cipher initialization to use OAEP padding by replacing the ASYMMETRIC_CIPHER constant with "RSA/ECB/OAEPWithSHA-1AndMGF1Padding".
    • Other usages of ASYMMETRIC_CIPHER remain unchanged.
    • No new imports were required, as the necessary classes are already available.

Impact
These changes ensure that RSA encryption and decryption operations use OAEP padding, which provides better security properties and mitigates the risk of padding oracle attacks.

References

Mobile Security Testing Guide
The Padding Oracle Attack
CWE-780

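The change described in this PR, shown as a small self-contained Java program. This is an added example, not code from the Yoti project: the class name OaepExample and the helper legacyDecryptRecoversPlaintext are assumptions, the encryptAsymmetric/decryptAsymmetric bodies are written here to mirror the PR's description rather than copied from DecryptionHelper.java, the key pair is generated inline, the message is a constructed sample, and the default JDK provider (SunJCE) is assumed, which is why the RSA/ECB/OAEPWithSHA-1AndMGF1Padding spelling is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepExample {
    // Transformation the PR switches to (JCA standard name for the default provider).
    static final String OAEP_CIPHER = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
    // Legacy transformation the PR replaces; kept here only to demonstrate incompatibility.
    static final String LEGACY_PKCS1_CIPHER = "RSA/ECB/PKCS1Padding";

    // Explicit OAEP parameters: pin both the OAEP hash and the MGF1 digest so the
    // choice does not depend on provider defaults (assumption: SHA-1 for both, matching the PR).
    static final OAEPParameterSpec OAEP_SHA1 = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    // Mirrors the PR's encryptAsymmetric: OAEP padding, public key.
    public static byte[] encryptAsymmetric(byte[] plaintext, PublicKey key)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(OAEP_CIPHER);
        cipher.init(Cipher.ENCRYPT_MODE, key, OAEP_SHA1);
        return cipher.doFinal(plaintext);
    }

    // Mirrors the PR's decryptAsymmetric: OAEP padding, private key.
    public static byte[] decryptAsymmetric(byte[] ciphertext, PrivateKey key)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(OAEP_CIPHER);
        cipher.init(Cipher.DECRYPT_MODE, key, OAEP_SHA1);
        return cipher.doFinal(ciphertext);
    }

    // Compatibility check (hypothetical helper): an OAEP ciphertext handed to the
    // legacy PKCS1 cipher must not yield the original plaintext. The decrypt either
    // throws BadPaddingException or, rarely, unpads to garbage; both count as "not recovered".
    public static boolean legacyDecryptRecoversPlaintext(byte[] oaepCiphertext, byte[] expected,
                                                         PrivateKey key) throws GeneralSecurityException {
        Cipher legacy = Cipher.getInstance(LEGACY_PKCS1_CIPHER);
        legacy.init(Cipher.DECRYPT_MODE, key);
        try {
            return Arrays.equals(legacy.doFinal(oaepCiphertext), expected);
        } catch (BadPaddingException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample message.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ct = encryptAsymmetric(msg, kp.getPublic());
        byte[] pt = decryptAsymmetric(ct, kp.getPrivate());

        System.out.println("OAEP round trip ok: " + Arrays.equals(msg, pt));
        System.out.println("legacy PKCS1 decrypt recovers OAEP ciphertext: "
                + legacyDecryptRecoversPlaintext(ct, msg, kp.getPrivate()));
    }
}
```

Passing an OAEPParameterSpec to init is the check worth keeping around this change: peers that encrypt to the service (other SDKs, OpenSSL, .NET) must agree on both the OAEP hash and the MGF1 digest, and the JDK's OAEPWithSHA-256AndMGF1Padding name still uses SHA-1 for MGF1 unless the spec says otherwise. The last line of main makes the compatibility consequence noted in the PR visible: once the constant changes, any ciphertext still produced with PKCS1Padding will fail to decrypt, so the rollout needs to cover every encrypting party, not just this SDK.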