Hi again, :)
I'm having trouble deciding programmatically in the KeyResolver.ResolveKey() which Algorithm to use when the retrieved public key is RSA. The confusion lies between the signing methods PSS and PKCS#1 v1.5, as key sizes can be extracted from the key itself.
Currently, most of the applications I interact with, and that send me signatures to verify, use PKCS#1 v1.5, but I would like to avoid making that assumption in code.
So here I am, not able to wrap my head around why the implementor needs to explicitly decide which Algorithm to use, when that information is usually available in the signature parameters found in Signature-Input, and especially when the signer returns an error if the two are not the same.
So I'm wondering if there should be a way for the calling code to tell the verifier to try whichever algorithm is specified in the Signature-Input, and fail only if there wasn't one specified in both the signature parameters and Key.Algorithm?
Does this make sense to you?
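An added example, not part of the original post and not the library's own API: one way calling code could reconcile the `alg` parameter from `Signature-Input` with an algorithm pinned on the key, while letting the key type bound what the signature is allowed to claim. `chooseAlgorithm` and `algFromSignatureInput` are hypothetical helpers; the algorithm names are the RSA entries defined in RFC 9421.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"errors"
	"fmt"
	"regexp"
)

// RSA algorithm names from the RFC 9421 signature algorithm registry.
var rsaAlgs = map[string]bool{"rsa-pss-sha512": true, "rsa-v1_5-sha256": true}

// Simplified extraction; production code should use a Structured Fields parser.
var algParam = regexp.MustCompile(`;alg="([^"]*)"`)

func algFromSignatureInput(member string) string {
	if m := algParam.FindStringSubmatch(member); m != nil {
		return m[1]
	}
	return ""
}

// chooseAlgorithm (hypothetical helper): pinned is the algorithm configured
// for the key ("" if none), sigAlg the alg parameter ("" if absent).
func chooseAlgorithm(pub crypto.PublicKey, pinned, sigAlg string) (string, error) {
	if pinned != "" && sigAlg != "" && pinned != sigAlg {
		return "", fmt.Errorf("alg %q conflicts with key algorithm %q", sigAlg, pinned)
	}
	alg := pinned
	if alg == "" {
		alg = sigAlg
	}
	if alg == "" {
		return "", errors.New("no algorithm in Signature-Input or on the key")
	}
	// The key type bounds what the signature may claim: an RSA key is only
	// ever used with an RSA scheme, whatever the alg parameter says.
	if _, ok := pub.(*rsa.PublicKey); ok && rsaAlgs[alg] {
		return alg, nil
	}
	return "", fmt.Errorf("alg %q not allowed for key type %T", alg, pub)
}

func main() {
	// Constructed sample Signature-Input member.
	in := `sig1=("@method" "@authority");created=1618884473;keyid="k1";alg="rsa-v1_5-sha256"`
	fmt.Println(chooseAlgorithm(&rsa.PublicKey{}, "", algFromSignatureInput(in)))
}
```

The allowlist keyed on the key type is what keeps "use whatever `Signature-Input` says" from becoming an algorithm-confusion path: the sender-controlled parameter can only pick between schemes the verifier already accepts for that key.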