crypto: sign/verify support for RSASSA-PSS #1127
Comments
|
I did a bit more digging. It might be easier to update node_crypto.cc to use the later OpenSSL EVP API's.
Then it should be a matter of calling The only thing I'm a bit unsure of is MGF1. |
wolfie82
changed the title
brendanashworth
added
feature request
|
+1 I would appreciate this feature, and it would help keep node compatible with more products in the future as adoption grows. |
|
@nodejs/crypto Any thoughts on this? Specifically, is this a reasonable feature to include in core? And given as the issue is more than a year old, has anything changed that might make this issue obsolete? ("Oh, we already added support for that six months ago!") |
|
No strong opinion. I think it could be retrofitted onto PSS appears to be rare. Not a reason to reject it but it is arguably a reason to not spend too much effort on it. I'd be interested in hearing use cases.
Not strictly necessary. They're aliases for their EVP_Digest counterparts in OpenSSL 1.1.0. |
|
Is there any movement on this? I have a requirement to use |
|
@mwain No movement whatsoever. |
|
Would it be considered if i put something together? |
|
If it's not too intrusive I don't see why not. I'm curious what your use case is though. |
|
Ok, you mentioned it might be able to be retrofitted into So i was thinking of adding an extra function to each to set padding type and option padding length? |
|
That sounds reasonable. Documenting and extending |
@bnoordhuis Just one possible use case I recently stumbled upon: The WebCrypto API specifies two algorithms for RSA-based signatures, RSASSA-PSS and RSASSA-PKCS1-v1_5. I think it would be nice to provide interoperability with as many of the operations defined as part of the WebCrypto API as possible, including RSASSA-PSS.
Could you elaborate on this?
@patbaker82 The new API (
I am by no means an expert when it comes to RSA, but isn't MGF1 the default MGF for RSASSA-PSS? |
You're right, good point. |
|
@bnoordhuis Is it okay to add an optional |
|
@tniessen Yes, I think that would be alright. |
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127 PR-URL: nodejs#11705 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: nodejs#1127 PR-URL: nodejs#11705 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: #1127 PR-URL: #11705 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Adds support for the PSS padding scheme. Until now, the sign/verify functions used the old EVP_Sign*/EVP_Verify* OpenSSL API, making it impossible to change the padding scheme. Fixed by first computing the message digest and then signing/verifying with a custom EVP_PKEY_CTX, allowing us to specify options such as the padding scheme and the PSS salt length. Fixes: #1127 PR-URL: #11705 Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Can you help me to use SHA256withRSA/PSS ? @mwain |
It would be good if the crypto.createSign / crypto.createVerify implementations supported different openssl padding schemes instead of the default PKCS1.5. Specifically, I'm interested in PSS and PSS with MGF1.
RSA_padding_add_PKCS1_PSS
RSA_padding_add_PKCS1_PSS_mgf1
I found the following forum post that may help in the development effort.
http://openssl.6102.n7.nabble.com/RSA-sign-and-verify-td44219.html
I'm a bit out of my depth with C++, however I'm willing to help implement if someone could point me in the right direction with crypto.cc.
Thanks
The text was updated successfully, but these errors were encountered: