Page MenuHome GnuPG

Disable RSA PKCS #1.5 encryption in FIPS mode
Open, HighPublic

Description

Our reading of NIST.SP.800-131Ar2 is that the "PKCS1-v1_5 padding" is deprecated and will be disallowed after 2023 for RSA encryption. It should be still possible to use it in the signature schemes as long as the key size is at least 2k (we have already covered this requirement). See the page 15 of the following document:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf

The proposed change should be pretty specific. I included also test cases adjustments to verify the encryption with pkcs1 flags do not work when we are in FIPS mode.

See external link for the patch in gitlab with tests run results.

Related Objects