Support for encryption padding scheme OAEP #528
Comments
None of the .NET platforms (.NETFramework up through 4.8 nor .NETStandard up through 2.0) support OAEP, hence why I gave up trying to implement support for it.
Maybe I'm having this completely wrong, but hasn't this been supported in .NET since 4.6? See https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsaencryptionpaddingmode .
Anyway, looking forward to using this in Mimekit.
@ydhondt Maybe you know something I don't, but how would I use that with EnvelopedCms? :-) It would also be nice if someone could explain how to use RSAES-OAEP with BouncyCastle.
I think I've successfully implemented RSAES-OAEP w/ SHA1 using the BouncyCastle backend, but I can't get SHA256, SHA384 or SHA512 to work.
D'oh, I was encrypting w/ RSAES-OAEP using SHA-1 even when I specified SHA-256/384/512 but encoded the correct algorithm used in the output, so obviously could not decrypt it :-\ RSAES-OAEP seems to be working now when using the BouncyCastle backend.
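The failure mode described in the comment above, reduced to raw RSA key wrapping, as an added example that is not code from this thread or from MimeKit. The `WrappedKey` class is a hypothetical stand-in for the CMS recipient info (declared hash plus encrypted key); only the `System.Security.Cryptography` calls are real APIs.

```csharp
using System;
using System.Security.Cryptography;

static class OaepHashMismatchDemo
{
    // Hypothetical stand-in for a CMS recipient info: the hash named in the
    // key-encryption algorithm parameters plus the wrapped content-encryption key.
    sealed class WrappedKey
    {
        public HashAlgorithmName DeclaredHash;
        public byte[] EncryptedKey;
    }

    // 'declared' is what gets written into the output; 'used' is what the
    // encryptor actually applied. They must be the same hash.
    static WrappedKey Wrap(RSA recipient, byte[] cek, HashAlgorithmName declared, HashAlgorithmName used)
    {
        return new WrappedKey {
            DeclaredHash = declared,
            EncryptedKey = recipient.Encrypt(cek, RSAEncryptionPadding.CreateOaep(used))
        };
    }

    // The recipient only sees the declared hash, so that is what it decrypts with.
    static bool TryUnwrap(RSA recipient, WrappedKey wrapped, out byte[] cek)
    {
        try {
            cek = recipient.Decrypt(wrapped.EncryptedKey, RSAEncryptionPadding.CreateOaep(wrapped.DeclaredHash));
            return true;
        } catch (CryptographicException) {
            cek = null; // OAEP decoding fails when the hash differs from the one used to encrypt
            return false;
        }
    }

    static void Main()
    {
        using (RSA rsa = RSA.Create(2048))
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) {
            byte[] cek = new byte[32]; // constructed sample content-encryption key
            rng.GetBytes(cek);

            WrappedKey good = Wrap(rsa, cek, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256);
            WrappedKey bad = Wrap(rsa, cek, HashAlgorithmName.SHA256, HashAlgorithmName.SHA1);

            Console.WriteLine("declared SHA-256, used SHA-256: " + TryUnwrap(rsa, good, out _));
            Console.WriteLine("declared SHA-256, used SHA-1:   " + TryUnwrap(rsa, bad, out _));
        }
    }
}
```

A round-trip test that decrypts with an independent implementation, driven only by the encoded algorithm parameters, catches this class of bug before release.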
bcgit/bc-csharp#222 may indicate that CMS data generated by BouncyCastle may not be decodable by OpenSSL or NetCore 3.1 when using RSAES-OAEP.
bcgit/bc-csharp#161 also not good news :-\
I'm using mimekit in combination with EWS Managed API to send signed and encrypted mails. The latter is stuck at the .Net Framework. There is a community port to .Net Core but I have not tried it yet. I have also been using mimekit on .Net Core in combination with MS Graph but since that does not yet support the insertion of mime messages, I'm only using this to retrieve and decrypt messages. That already works with RSAES-OAEP. It seems BC picks that up correctly.
Thanks. The reason I'm asking is because I noticed that Net Core 3.1 seems to have properties on |
@jstedfast we're using .NET Core. We're currently using version 2.2, but can easily upgrade to 3.1. So just to be clear: Is the OAEP padding scheme supported (out-of-the-box) just by upgrading to .NET Core 3.1?
@faarbaek no, that’s not what I’m saying. I’m just noting that .NET Core 3.1 has APIs that would make implementing this feature possible for that framework. None of the other frameworks (not even .NET 4.8) have the APIs necessary to implement this.
@faarbaek @ydhondt are you guys ok with using a BouncyCastleSecureMimeContext? Or do you guys need to use a WindowsSecureMimeContext? Seems that I would have to target NetCoreApp3.0 to get the CmsRecipient API that I need in order for WindowsSecureMimeContext to work and even then, it won't be enough for RSASSA-PSS.
…App3.0 to the build) "Finishes" the fix for issue #528
More-or-less all there is left to do is to edit MimeKit.NetStandard.csproj and apply this patch:
diff --git a/MimeKit/MimeKit.NetStandard.csproj b/MimeKit/MimeKit.NetStandard.csproj
index 31f21ab7..7cb6b6fc 100644
--- a/MimeKit/MimeKit.NetStandard.csproj
+++ b/MimeKit/MimeKit.NetStandard.csproj
@@ -5,7 +5,7 @@
<AssemblyTitle>MimeKit</AssemblyTitle>
<VersionPrefix>2.4.1</VersionPrefix>
<Authors>Jeffrey Stedfast</Authors>
- <TargetFrameworks>netstandard1.3;netstandard1.6;netstandard2.0;net46;net47;net48</TargetFrameworks>
+ <TargetFrameworks>netstandard1.3;netstandard1.6;netstandard2.0;net46;net47;net48;netcoreapp3.0</TargetFrameworks>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
<EnableDefaultCompileItems>false</EnableDefaultCompileItems>
<AssemblyName>MimeKit</AssemblyName>
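Review bot: the `<TargetFrameworks>` line adds `netcoreapp3.0` to a project that is still named MimeKit.NetStandard.csproj and still carries `<VersionPrefix>2.4.1</VersionPrefix>`. A short comment beside the list saying that this target exists for the CmsRecipient API discussed in this thread would tell the next maintainer why one app framework sits among the library targets, and the version should be bumped if the package starts shipping an additional assembly.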
diff --git a/nuget/MimeKit.nuspec b/nuget/MimeKit.nuspec
index 6f285a13..b1dc691c 100644
--- a/nuget/MimeKit.nuspec
+++ b/nuget/MimeKit.nuspec
@@ -100,9 +100,19 @@
<dependency id="System.Data.Common" version="4.3.0" />
<dependency id="Portable.BouncyCastle" version="1.8.5" />
</group>
+ <group targetFramework="netcoreapp3.0">
+ <dependency id="System.Security.Cryptography.Pkcs" version="4.6.0" />
+ <dependency id="System.Reflection.TypeExtensions" version="4.3.0" />
+ <dependency id="System.Globalization.Extensions" version="4.3.0" />
+ <dependency id="System.Text.Encoding.CodePages" version="4.3.0" />
+ <dependency id="System.Data.Common" version="4.3.0" />
+ <dependency id="Portable.BouncyCastle" version="1.8.5" />
+ </group>
</dependencies>
</metadata>
<files>
+ <file src="..\MimeKit\bin\Release\netcoreapp3.0\MimeKit.dll" target="lib\netcoreapp3.0\MimeKit.dll" />
+ <file src="..\MimeKit\bin\Release\netcoreapp3.0\MimeKit.xml" target="lib\netcoreapp3.0\MimeKit.xml" />
<file src="..\MimeKit\bin\Release\netstandard1.3\MimeKit.dll" target="lib\netstandard1.3\MimeKit.dll" />
<file src="..\MimeKit\bin\Release\netstandard1.3\MimeKit.xml" target="lib\netstandard1.3\MimeKit.xml" />
<file src="..\MimeKit\bin\Release\netstandard1.6\MimeKit.dll" target="lib\netstandard1.6\MimeKit.dll" /> |
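Review bot: in the new `netcoreapp3.0` dependency group, everything except `System.Security.Cryptography.Pkcs` 4.6.0 appears to be carried over from the existing groups (the 4.3.0 packages and `Portable.BouncyCastle` 1.8.5). Please confirm which of the 4.3.0 packages the netcoreapp3.0 build actually references and list only those, so consumers on that framework do not pull in packages they do not need. It would also help to note in the nuspec or changelog that the Pkcs 4.6.0 dependency is what the OAEP support in WindowsSecureMimeContext relies on, since that is the one entry that must not be lowered.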
I need someone to test the WindowsSecureMimeContext implementation to make sure it works. (I'm on Mac and can't test it)
Has anyone tested this for me? I'd love to make a release pretty early in the new year.
It's impossible for a library project to target netcoreapp3.x and netstandard2.0 does not support this, so the only way to get support for this using the Windows SDKs. You have to use BouncyCastle.
A while ago, MimeKit got support for using the signing padding scheme PSS, which is really nice.
I would like it to also support the encryption padding scheme OAEP, as we have some 3rd parties that require this when encrypting e-mails.
The enum RsaEncryptionPaddingScheme (and value Oaep) is already defined in the repo, but it's not used anywhere.