PKCS #1 v1.5 padding is vulnerable to the Bleichenbacher attack, which allows an attacker to use the padding validation of a cryptographic message to decrypt the message.
It is recommended to use OAEP (Optimal Asymmetric Encryption Padding),
which is not vulnerable to this kind
of attack.
package main
import (
"crypto"
"crypto/rsa"
)
// foo generates a 4096-bit RSA key pair and encrypts a fixed message under
// its public key. This is the non-compliant sample: the encryption call uses
// PKCS #1 v1.5 padding.
func foo() error {
// NOTE(review): rand.Reader needs "crypto/rand", which the import list of this
// sample does not include.
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return err
}
// Non-compliant: PKCS #1 v1.5 encryption padding. A peer that decrypts these
// messages and reveals whether the padding was valid is exposed to the
// Bleichenbacher attack.
cipherText, err := rsa.EncryptPKCS1v15(
rand.Reader,
&privateKey.PublicKey,
[]byte("Hello World"),
)
if err != nil {
return err
}
// The sample is elided from here on; presumably the omitted code uses
// cipherText and returns.
// ...
}
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
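// foo generates a 4096-bit RSA key pair and encrypts a fixed message under
// its public key with RSA-OAEP over SHA-256. It returns any error reported by
// key generation or encryption, and nil otherwise.
func foo() error {
	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		return err
	}
	// Compliant: OAEP padding instead of PKCS #1 v1.5. This method of
	// encryption is not compatible with PKCS #1 v1.5, so the receiver must
	// decrypt with OAEP as well, using the same hash function and the same
	// label.
	cipherText, err := rsa.EncryptOAEP(
		sha256.New(),
		rand.Reader,
		&privateKey.PublicKey,
		[]byte("Hello World"),
		[]byte("label"),
	)
	if err != nil {
		return err
	}
	// ...
	_ = cipherText // stands in for the elided code that transmits or stores it
	return nil
}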