Hello Nicolas, Niels,

Now that another attack on RSA encryption with PKCS#1 v1.5 padding has been discovered (though Nettle is not vulnerable)[1], it is recommended to avoid using the v1.5 scheme in new applications[2][3], and thus supporting RSA-OAEP in Nettle is becoming more relevant.

I made some modifications to the existing merge request[4], mainly to make it side-channel safe at decryption:

  https://git.lysator.liu.se/nettle/nettle/-/merge_requests/60

Could you take a look when you have time?

Footnotes:
[1] https://people.redhat.com/~hkario/marvin/
[2] https://datatracker.ietf.org/doc/draft-kario-rsa-guidance/
[3] https://github.com/checkpoint-restore/criu/pull/2297#discussion_r1420116692
[4] https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20

Regards,
-- 
Daiki Ueno

nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
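The message above concerns two things: the EME-OAEP padding from RFC 8017 that the merge request adds, and making its decoding side-channel safe, since the Marvin attack it cites works by distinguishing which padding check failed in PKCS#1 v1.5 decryption. The block below is an added illustration, not code from Nettle, from the merge request, or from Daiki Ueno: a pure-Python EME-OAEP encoder and decoder (SHA-256 and MGF1-SHA256, the padding layer only, with no RSA modular exponentiation) whose decoder runs every check unconditionally, folds all failure conditions into one accumulated flag, and locates the 0x01 separator by scanning the whole data block instead of breaking out of the loop. Python gives no real constant-time guarantee, so this shows the structure a C implementation must have rather than a timing-safe implementation; the modulus length `K = 128` and the fixed seed are constructed values for the demonstration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes for SHA-256


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 from RFC 8017 B.2.1: concatenate Hash(seed || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def eme_oaep_encode(message: bytes, k: int, seed: bytes, label: bytes = b"") -> bytes:
    """RFC 8017 section 7.1.1 step 2. k is the modulus length in bytes;
    seed must be H_LEN fresh random bytes (fixed here only for the demo)."""
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    if len(seed) != H_LEN:
        raise ValueError("seed must be H_LEN bytes")
    l_hash = HASH(label).digest()
    ps = b"\x00" * (k - len(message) - 2 * H_LEN - 2)
    db = l_hash + ps + b"\x01" + message          # length k - H_LEN - 1
    masked_db = xor_bytes(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor_bytes(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db      # length k


def eme_oaep_decode(em: bytes, k: int, label: bytes = b""):
    """RFC 8017 section 7.1.2 step 3, written without data-dependent early
    exits. Returns (ok, message); message is empty unless ok is True."""
    if len(em) != k:                 # length is public; this branch leaks nothing secret
        return False, b""
    l_hash = HASH(label).digest()
    masked_seed = em[1:1 + H_LEN]
    masked_db = em[1 + H_LEN:]
    seed = xor_bytes(masked_seed, mgf1(masked_db, H_LEN))
    db = xor_bytes(masked_db, mgf1(seed, k - H_LEN - 1))

    bad = em[0]                      # nonzero iff the leading byte Y is not 0x00
    bad |= int(not hmac.compare_digest(db[:H_LEN], l_hash))  # lHash' != lHash
    found = 0                        # becomes 1 once the 0x01 separator is seen
    msg_start = 0
    # Scan every byte after lHash; never break out of the loop on a failure.
    for i in range(H_LEN, len(db)):
        b = db[i]
        is_one = int(b == 0x01)
        is_zero = int(b == 0x00)
        not_found = 1 - found
        # Before the separator only 0x00 is allowed; anything else is a failure.
        bad |= not_found & (1 - is_one) & (1 - is_zero)
        # Record the separator position the first time 0x01 appears.
        msg_start += (i + 1) * (not_found & is_one)
        found |= is_one
    bad |= 1 - found                 # no separator at all is also a failure
    ok = bad == 0                    # one combined verdict, not "which check failed"
    return ok, (db[msg_start:] if ok else b"")


K = 128                              # constructed: byte length of a 1024-bit modulus
SEED = bytes(range(H_LEN))           # constructed: a real encoder draws this from a CSPRNG


def roundtrip(message: bytes) -> bytes:
    ok, recovered = eme_oaep_decode(eme_oaep_encode(message, K, SEED), K)
    return recovered if ok else b""


if __name__ == "__main__":
    em = eme_oaep_encode(b"attack at dawn", K, SEED)
    print(eme_oaep_decode(em, K))
    print(eme_oaep_decode(bytes([1]) + em[1:], K))           # bad leading byte
    print(eme_oaep_decode(em[:-1] + bytes([em[-1] ^ 0x80]), K))  # corrupted maskedDB
```

The decoder deliberately reports only a single yes/no verdict; the individual conditions (leading byte, lHash, padding bytes, missing separator) are all checked, but which one failed is never exposed, and the loop cost does not depend on where the separator sits. A real RSA-OAEP decryption must additionally perform the modular exponentiation and the integer-to-octet conversion in constant time, which is the part the merge request addresses in Nettle's C code and which this padding-only example does not cover.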