My understanding is that RSAES-PKCS1-v1_5 pads with random bytes so shouldn't ยง4.1 "Key Encryption using RSA v1.5 and AES-HMAC-SHA2" have a note similar to what's been added in other sections that states that it "might not be possible to exactly replicate the results in this section..."? My experience with RSA v1.5 has been that each invocation of it will produce a different the encrypted key value even for the same CEK (short of doing something funky with the source of randomness but even then there's not enough info in the draft to recreate the exact same results).
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
