This is somewhat directed at Sean, but if somebody else knows... It looks like the RSA-OAEP key transport support is limited to SHA-1 as a digest right now in the Java code. It seemed as though Java might support the full range of SHA-2 options with that, but I guess the API here doesn't.
I don't pretend to know if the SHA-1 weaknesses compromise the key transport, but I know it will probably get asked about. I was going to patch the C++ code to handle SHA-2, but don't have anything to test against. -- Scott
