If you discover a potential security issue in AWS-LC for Rust we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue, if in doubt contact AWS security first.
Problem:
At the moment it seems there is no way to get a Pkcs1PublicEncryptingKey with a custom n and e.
There already exists PublicKeyComponents::verify but this only handles signature verification, so having something for encryption does not seem out of scope.
Solution:
I think the simplest and ideal solution is to allow getting a PublicEncryptingKey from a PublicKeyComponents. This would best be done by adding a build_encrypting_key() helper. This should be trivial as all that would be required is to call build_rsa() and pass the resulting EVP_PKEY to PublicEncryptingKey::new.
Does this change any public APIs? Yes, would ideally allow converting a PublicKeyComponents to a PublicEncryptingKey
Which algorithm(s) will this impact? RSA
Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? How do we know the solution is complete?
RFC links: N/A
Related Issues: N/A
Will the Usage Guide or other documentation need to be updated? Yes
Testing: I am not sure about the testing requirements, from my eyes it seems trivial to implement.
Out of scope:
Enforcing the secure usage of these APIs would likely be out of scope; if the user wants to manually supply RSA parameters, it's likely for some more low-level operation.
Your request and proposed change make sense to me. Before a PR for this can be merged, more testing for it will need to be added. We will also need to consider how the API change might fit in with some longer-term plans that we have.
Thanks for your consideration, I went ahead and implemented a test near the test for RsaPublicKeyComponents (just checks if building the key succeeds + encrypting a test message). Also fixed import order.
We have now released aws-lc-rs v1.11.1 that addresses this issue. This issue has been closed. Feel free to reopen this issue or open a new issue if you have any problems after upgrading. Thanks again for your report about this and the PR. We appreciate your contribution to our project!