
Disable RSA PKCS #1.5 encryption in FIPS mode
Closed, Resolved (Public)

Description

Our reading of NIST.SP.800-131Ar2 is that the "PKCS1-v1_5 padding" is deprecated and will be disallowed after 2023 for RSA encryption. It should still be possible to use it in the signature schemes as long as the key size is at least 2k (we have already covered this requirement). See page 15 of the following document:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf

The proposed change should be pretty specific. I also included test case adjustments to verify that encryption with pkcs1 flags does not work when we are in FIPS mode.

See the external link for the patch in GitLab with test run results.

Event Timeline

gniibe moved this task from Backlog to Next on the FIPS board.
werner changed the task status from Open to Testing. Sep 22 2022, 11:01 AM
werner removed a project: Restricted Project.