Java的RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING在PHP中等效

Question

I have a case where a 'secret' is coming to me from a Java App and it's cipher'd using a public key and the RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING cipher. I'm trying to decipher it at my end, but I'm not sure how to get the equivalent of that cipher. I've been using phpseclib for other security stuff, and I've tried the OAEP encryption mode in there, but to no avail. I just get a decrypt error with no information. I just want to state that the keys are correct:

function oaes_decrypt($ciphertext, $privatekey) {
    $rsa = new \Crypt_RSA();
    $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP);
    $rsa->setMGFHash('sha256');
    $rsa->setHash('sha256');
    $rsa->loadKey($privatekey);

    return $rsa->decrypt($ciphertext);
}

Any help will be greatly appreciated! Thank you!

Answer 1

Try $rsa->setMGFHash('sha1'); The SHA-256 in RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING doesn't refer to the MGF1 hash. To have that be sha256 you'd have to be doing this:

Cipher oaepFromInit = Cipher.getInstance("RSA/ECB/OAEPPadding");
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSpecified.DEFAULT);
oaepFromInit.init(Cipher.DECRYPT_MODE, privkey, oaepParams);
byte[] pt = oaepFromInit.doFinal(ct);
System.out.println(new String(pt, StandardCharsets.UTF_8));

The final result, that works, in PHP:

function oaes_decrypt($ciphertext, $privatekey) {
    $rsa = new \Crypt_RSA();
    $rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP);
    $rsa->setMGFHash('sha1');
    $rsa->setHash('sha256');
    $rsa->loadKey($privatekey);

    return $rsa->decrypt($ciphertext);
}