Key Algorithm issues #130

@mariusor

Hi again, :)

I'm having trouble deciding programmatically in the KeyResolver.ResolveKey() which Algorithm to use when the retrieved public key is RSA. The confusion lies between the signing methods PSS and PKCS#1 v1.5, as key sizes can be extracted from the key itself.

Currently most of the applications that I interact with and that send me signatures to verify use PKCS#1 v1.5, but I would like to avoid making that assumption in code.

So here I am, not being able to wrap my head around why the implementor needs to explicitly decide which Algorithm needs to be used, when that information is usually available in the signature parameters found in Signature-Input, and especially when the signer returns an error if the two are not the same.

So I'm wondering if there should be a way for the calling code to tell the verifier to try whichever algorithm is specified in the Signature-Input, and fail only if there wasn't one specified in both the signature parameters and Key.Algorithm?

Does this make sense to you?
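
The selection rule asked about above, as an added example that is not part of the original issue and not the library's own code. It uses only Go's standard library and the RFC 9421 identifiers `rsa-v1_5-sha256` and `rsa-pss-sha512`; the names `resolveAlg`, `verifyRSA` and `demo` are hypothetical, and the sketch assumes the `alg` parameter has already been parsed out of Signature-Input. Because that parameter is chosen by the sender, the sketch also restricts an RSA key to RSA algorithms.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// resolveAlg reconciles the Signature-Input "alg" parameter with the key's algorithm; either may be empty.
func resolveAlg(paramAlg, keyAlg string) (string, error) {
	if paramAlg == "" {
		paramAlg = keyAlg
	}
	switch {
	case paramAlg == "":
		return "", fmt.Errorf("no algorithm in signature parameters or key")
	case keyAlg != "" && keyAlg != paramAlg:
		return "", fmt.Errorf("algorithm mismatch: params %q, key %q", paramAlg, keyAlg)
	case paramAlg != "rsa-v1_5-sha256" && paramAlg != "rsa-pss-sha512": // RSA key: RSA algorithms only
		return "", fmt.Errorf("algorithm %q not allowed for an RSA key", paramAlg)
	}
	return paramAlg, nil
}

// verifyRSA checks sig over the signature base using the resolved algorithm.
func verifyRSA(pub *rsa.PublicKey, alg string, base, sig []byte) error {
	switch alg {
	case "rsa-v1_5-sha256":
		h := sha256.Sum256(base)
		return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
	case "rsa-pss-sha512":
		h := sha512.Sum512(base)
		return rsa.VerifyPSS(pub, crypto.SHA512, h[:], sig, nil)
	}
	return fmt.Errorf("unsupported algorithm %q", alg)
}

func demo(paramAlg string) (string, error) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, generated for the demo
	base := []byte(`"@method": POST`)            // constructed sample, not a full signature base
	h := sha256.Sum256(base)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:]) // peer signs with PKCS#1 v1.5
	alg, _ := resolveAlg(paramAlg, "")                                // key carries no algorithm
	return alg, verifyRSA(&key.PublicKey, alg, base, sig)
}

func main() { fmt.Println(demo("rsa-v1_5-sha256")) }
```

A PKCS#1 v1.5 signature does not verify under `rsa-pss-sha512`, so a wrong or missing `alg` surfaces as a verification error rather than a silent fallback.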
