cannot transit decrypt RSA


moh...@dovetaillab.com

Jul 27, 2018, 8:28:14 AM
to Vault
Hi,

I generated a "rsa-2048" using vault. And using its vault public key I encrypted a text using Java RSA library. But now I can't decrypt the cipher using vault transit decrypt?
But if I use encrypt using vault and decrypt it works perfectly. But when I encrypt using java RSA library and try to decrypt using vault it throws below error.

 {"errors":["1 error occurred:\n\n* failed to RSA decrypt the ciphertext: crypto/rsa: decryption error"]}

Any help would be great. Thanks.

Chris Hoffman

Jul 27, 2018, 9:05:40 AM
to Vault
What padding are you using when encrypting with the Java library?  Vault uses OAEP with SHA256 for padding.

Chris

moh...@dovetaillab.com

Jul 27, 2018, 9:28:38 AM
to Vault
I was using plain RSA, but now changed the source code to below and still getting the same error.

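import java.security.KeyFactory
import java.security.spec.X509EncodedKeySpec
import javax.crypto.Cipher
import org.apache.commons.codec.binary.Base64 // Apache Commons Codec, assumed from the method names

fun encrypt(message: ByteArray, publicKeyBase64: String): String {
    // Decode the Base64 X.509 (SubjectPublicKeyInfo) public key
    val publicKeyStr = Base64.decodeBase64(publicKeyBase64)
    val publicKey = KeyFactory.getInstance("RSA")
        .generatePublic(X509EncodedKeySpec(publicKeyStr))

    // Only the transformation string is given here; no explicit OAEPParameterSpec
    with(Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")) {
        // Cipher.PUBLIC_KEY has the same int value (1) as Cipher.ENCRYPT_MODE
        init(Cipher.PUBLIC_KEY, publicKey)
        val encryptedAesKey = doFinal(message)
        return Base64.encodeBase64String(encryptedAesKey)
    }
}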

Tried RSA/ECB/OAEPWithSHA-1AndMGF1Padding also, but same error.

Mohamed Rifni

Jul 27, 2018, 9:38:31 AM
to vault...@googlegroups.com
Does my Java/Kotlin encrypt code make sense? It does the encryption, but when I try to decrypt it using vault it doesn't work.


Mohamed Rifni

Jul 27, 2018, 10:23:22 AM
to vault...@googlegroups.com
It works now when I add the below change:

val oaepParameterSpec = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)
init(Cipher.ENCRYPT_MODE, publicKey, oaepParameterSpec)
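
As an added illustration of why the explicit OAEPParameterSpec resolves the error (a Go example written for this page, not code from the thread or from Vault): a ciphertext built with a SHA-256 OAEP digest but MGF1 over SHA-1 is rejected by Go's `rsa.DecryptOAEP` with SHA-256, while the same message with MGF1 over SHA-256 decrypts. `encryptOAEP`, `maskWith` and `demoKey` are hypothetical names; that the JCE transformation string alone selects MGF1 with SHA-1 is an assumption about the provider default, and modelling Vault's side with `rsa.DecryptOAEP` is an assumption based on the error string in the first post.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // registers crypto.SHA1
	"crypto/sha256"
	"fmt"
	"math/big"
)

// maskWith XORs the RFC 8017 MGF1 stream, built from seed with hash h, into dst.
func maskWith(h crypto.Hash, dst, seed []byte) {
	var stream []byte
	for c := uint32(0); len(stream) < len(dst); c++ {
		d := h.New()
		d.Write(append(append([]byte{}, seed...), byte(c>>24), byte(c>>16), byte(c>>8), byte(c)))
		stream = d.Sum(stream)
	}
	for i := range dst {
		dst[i] ^= stream[i]
	}
}

// encryptOAEP (hypothetical helper): RSAES-OAEP, empty label, digest and MGF1 hash chosen separately.
func encryptOAEP(pub *rsa.PublicKey, msg []byte, digest, mgf crypto.Hash) ([]byte, error) {
	k, hLen := pub.Size(), digest.Size()
	if len(msg) > k-2*hLen-2 {
		return nil, fmt.Errorf("message too long for OAEP: %d bytes", len(msg))
	}
	em := make([]byte, k) // EM = 0x00 || seed || DB, with DB = lHash || 0x00.. || 0x01 || msg
	seed, db := em[1:1+hLen], em[1+hLen:]
	copy(db, digest.New().Sum(nil)) // lHash = H(empty label)
	copy(db[len(db)-len(msg)-1:], append([]byte{1}, msg...))
	if _, err := rand.Read(seed); err != nil {
		return nil, err
	}
	maskWith(mgf, db, seed) // maskedDB = DB xor MGF1(seed)
	maskWith(mgf, seed, db) // maskedSeed = seed xor MGF1(maskedDB)
	return new(big.Int).Exp(new(big.Int).SetBytes(em), big.NewInt(int64(pub.E)), pub.N).FillBytes(em), nil
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key
func main() {
	for _, mgf := range []crypto.Hash{crypto.SHA1, crypto.SHA256} {
		ct, _ := encryptOAEP(&demoKey.PublicKey, []byte("constructed sample"), crypto.SHA256, mgf)
		_, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, demoKey, ct, nil) // SHA-256 OAEP, per the thread
		fmt.Printf("SHA-256 digest, MGF1 with %v: err=%v\n", mgf, err)
	}
}
```

The SHA-1 line of the output carries the same `crypto/rsa: decryption error` text that appears in the Vault response quoted in the first post.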
