Which padding is used by javax.crypto.Cipher for RSA

Question

I need to decrypt messages via RSA in order to send it over an unsecured channel, but I\'m afraid of the Padding Oracle Attack. Therefore I already have asked the follwoing

Answer 1

It depends on the chosen or default provider which padding is actually used when you instantiate a Cipher without fully qualifying it like:

Cipher.getInstance("RSA")

Doing so is a bad practice, because if you switch Java implementations, there might be different defaults and suddenly, you won't be compatible with the old ciphertexts anymore. Always fully qualify the cipher.

As I said before, the default will probably (there are many providers, one can't be sure) be PKCS#1 v1.5 padding. If you need another, you would have to specify it. If you want to use OAEP, here is a fully qualified cipher string from here:

Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");