A Java implementation of optimal asymmetric encryption padding, to be used in conjunction with RSA. Also includes an MGF1 implementation.
No rights reserved. I make no warranties about this project.
byte[] pad(byte[] message, String params, int length);
Returns a padded version of the message. params is a tokenizable String separated by spaces. The first argument should be the name of the hash function used, and the second argument should be the name of the mask function used. An example of a correct params string is SHA-256 MGF1, which also happens to be the only combination I have supported so far. length is simply the desired final length of the message. If you were using RSA-2048, this value would be 256.
Should anything fail, null will be returned instead.
NOTE: the message length cannot be greater than length - hLen * 2 - 1 where hLen is the size of the output of the hash function in bytes. This will be 32 since only SHA-256 is supported currently and it has an output of 32 bytes. So if you are using RSA-2048 and have a desired length of 256 bytes, the biggest message you can send will be 256 - 32 * 2 - 1 or 191 bytes.
byte[] unpad(byte[] message, String params);
Returns an unpadded version of the message given the params (these parameters should be the same as those used in the pad method).
Should anything fail, null will be returned instead.
byte[] MGF1(byte[] seed, int seedOffset, int seedLength, int desiredLength);
I've also included an implementation of MGF1 with this code. It takes an input seed and an offset (seedOffset) and length (seedLength) so that only a slice of the seed may be used to generate masks. desiredLength is the length of the output, a mask generated from the given seed.