23954 2013-12-02 17:58:51 +0000 Please specify RsaOaepParams label semantics 2014-01-22 23:33:56 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified All All RESOLVED INVALID P2 normal --- 1 ap sleevi watsonm oldest_to_newest 96964 0 ap 2013-12-02 17:58:51 +0000 One can add a label when performing RSA-OAEP encryption, but can't get it from an encrypted message. Should there be a way to get the label? Also, unclear why decrypt operation also takes RsaOaepParams with a label. Is decryption supposed to fail if the labels don't match? 98910 1 watsonm 2014-01-22 23:33:56 +0000 (In reply to Alexey Proskuryakov from comment #0) > One can add a label when performing RSA-OAEP encryption, but can't get it > from an encrypted message. > > Should there be a way to get the label? > > Also, unclear why decrypt operation also takes RsaOaepParams with a label. > Is decryption supposed to fail if the labels don't match? IIUC, the label in RSA-OAEP is additional data that is protected by the authentication tag, but not included in the ciphertext. So, the label is assumed to be communicated separately from the ciphertext (or otherwise made available to the recipient). It needs to be provided to the decrypt operation so that it can be included in the verification of the authentication tag.