问题 We've to decrypt a ciphertext encrypted using RSA OAEP and we're trying to use RsaCng. The ciphertext was produced using Java, and the Java API allows you to specify a different hash function for the label and for the mask generation function (MGF1). In this specific case, SHA-256 was used in the first case and SHA-1 in the second (yes, not a good idea but we have no control over this). Now, from what I understand using RsaCng I can only specify one hash function (using RSAEncryptionPadding