Content deleted Content added
Speicify length of maskedSeed for decoding |
m replaced: seperated → separated, typo(s) fixed: Verifiy → Verify |
||
Line 20:
==Algorithm==
[[File:OAEP encoding schema.svg|410x410px|thumb|right|OAEP encoding schema according to RFC 8017]]
In the diagram,
* ''MGF'' is the [[Mask generation function|mask generating function]], usually MGF1,
* ''Hash'' is the chosen [[Cryptographic hash function|hash function]],
* ''hLen'' is the length of the output of the hash function in bytes,
* ''k'' is the length of the [[RSA (cryptosystem)|RSA]] modulus ''n'' in bytes,
* ''M'' is the message to be padded (at most <math>k - 2 \cdot \mathrm{hLen} - 2</math> bytes),
Line 55 ⟶ 54:
# To reverse step 6, recover the data block ''DB:'' <math>\mathrm{DB} = \mathrm{maskedDB} \oplus \mathrm{dbMask}</math>
# To reverse step 3, split the data block into its parts: <math>\mathrm{DB} = \mathrm{lHash'} || \mathrm{PS} || \mathrm{0x01} || \mathrm{M}</math>.
##
##* ''lHash''' is equal to the computed ''lHash''
##* ''PS'' only consists of bytes 0x00
##* ''PS'' and ''M'' are
##* the first byte of ''EM'' is the byte 0x00.
## If any of these conditions aren't met, then the padding is invalid.
| |||