Module Rsa.OAEP

OAEP-padded encryption, as defined by PKCS #1 v2.1.

The same hash function is used for padding and MGF. MGF is MGF1 as defined in PKCS #1 2.1.

Keys must have a minimum of 2 + 2 * hlen + len(message) bytes, where hlen is the hash length.



val encrypt : ?g:Mirage_crypto_rng.g -> ?label:Cstruct.t -> key:pub -> Cstruct.t -> Cstruct.t

encrypt ~g ~label ~key message is OAEP-padded and encrypted message, using the optional label.

  • raises Insufficient_key

    (see Insufficient_key)

val decrypt : ?crt_hardening:bool -> ?mask:mask -> ?label:Cstruct.t -> key:priv -> Cstruct.t -> Cstruct.t option

decrypt ~crt_hardening ~mask ~label ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.