0

I am working on creating an RSA Algorithm and learned that OAEP is a padding scheme that is commonly used before encrypting using RSA. Is this step necessary? Will it harm the integrity/security of the encrypted text?

BobbaTea
  • 3
  • 1
  • 1
    I once heard a wise man say that RSA padding should really be called "armoring" instead of "padding", because it's totally insecure without it. – Ella Rose Jan 07 '18 at 17:44

1 Answers1

4

Is this step necessary?

Yes. Assuming you don't want to adopt a RSA-KEM based approach, you need some form of padding to gain full IND-CCA2 security (textbook RSA even lacks the much weaker IND-CPA security!) and OAEP is the preferred such scheme, having a security reduction for IND-CCA2 (that is, it's IND-CCA2 as long as some reasonable assumptions hold).

SEJPM
  • 45,967
  • 7
  • 99
  • 205