问题
We've to decrypt a ciphertext encrypted using RSA OAEP and we're trying to use RsaCng. The ciphertext was produced using Java, and the Java API allows you to specify a different hash function for the label and for the mask generation function (MGF1). In this specific case, SHA-256 was used in the first case and SHA-1 in the second (yes, not a good idea but we have no control over this).
Now, from what I understand using RsaCng I can only specify one hash function (using RSAEncryptionPadding.OaepXXX) and this function will be used in both places. This means that I will always fail to decrypt the ciphertext. Is there any way to work around this using CNG? Looking at the low-level Win API C functions (BCryptDecrypt) it looks the same limitation exists. I believe BouncyCastle allows this flexibility but due to the requirement of integration with an HSM, we cannot use BC.
Thank you for your help,
Dinis
来源:https://stackoverflow.com/questions/58747521/different-label-and-mgf1-hash-functions-using-rsacng-with-oaep