-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: sign/verify support for RSASSA-PSS #1127
Comments
I did a bit more digging. It might be easier to update node_crypto.cc to use the later OpenSSL EVP API's.
Then it should be a matter of calling The only thing I'm a bit unsure of is MGF1. |
+1 I would appreciate this feature, and it would help keep node compatible with more products in the future as adoption grows. |
@nodejs/crypto Any thoughts on this? Specifically, is this a reasonable feature to include in core? And given as the issue is more than a year old, has anything changed that might make this issue obsolete? ("Oh, we already added support for that six months ago!") |
No strong opinion. I think it could be retrofitted onto PSS appears to be rare. Not a reason to reject it but it is arguably a reason to not spend too much effort on it. I'd be interested in hearing use cases.
Not strictly necessary. They're aliases for their EVP_Digest counterparts in OpenSSL 1.1.0. |
Is there any movement on this? I have a requirement to use |
@mwain No movement whatsoever. |
Would it be considered if i put something together? |
If it's not too intrusive I don't see why not. I'm curious what your use case is though. |
Ok, you mentioned it might be able to be retrofitted into So i was thinking of adding an extra function to each to set padding type and option padding length? |
That sounds reasonable. Documenting and extending |
@bnoordhuis Just one possible use case I recently stumbled upon: The WebCrypto API specifies two algorithms for RSA-based signatures, RSASSA-PSS and RSASSA-PKCS1-v1_5. I think it would be nice to provide interoperability with as many of the operations defined as part of the WebCrypto API as possible, including RSASSA-PSS.
Could you elaborate on this?
@patbaker82 The new API (
I am by no means an expert when it comes to RSA, but isn't MGF1 the default MGF for RSASSA-PSS? |
You're right, good point. |
@bnoordhuis Is it okay to add an optional |
@tniessen Yes, I think that would be alright. |
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127 PR-URL: nodejs#11705 Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127 PR-URL: nodejs#11705 Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: #1127 PR-URL: #11705 Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: #1127 PR-URL: #11705 Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
Can you help me to use SHA256withRSA/PSS ? @mwain |
It would be good if the crypto.createSign / crypto.createVerify implementations supported different openssl padding schemes instead of the default PKCS1.5. Specifically, I'm interested in PSS and PSS with MGF1.
RSA_padding_add_PKCS1_PSS
RSA_padding_add_PKCS1_PSS_mgf1
I found the following forum post that may help in the development effort.
http://openssl.6102.n7.nabble.com/RSA-sign-and-verify-td44219.html
I'm a bit out of my depth with C++, however I'm willing to help implement if someone could point me in the right direction with crypto.cc.
Thanks
The text was updated successfully, but these errors were encountered: