Open rmhrisk opened 7 years ago
OpenPGP seems to have a cleaner PKCS1.5 impl - https://github.com/openpgpjs/openpgpjs/blob/c9b20c96e01e030b8c8424d0ca6e76b59e983c21/src/crypto/pkcs1.js
Is this specifically for signing only, or are there plans to add encryption support (even though it's not in WebCrypto) to support legacy interoperability? Any insight on only having RSA-OAEP in WebCrypto and its implications for interoperating with existing S/MIME implementations?
It already supports RSA OAEP (encryption), this should be enough for that. See https://peculiarventures.github.io/pv-webcrypto-tests/ for what is supported in each of your target UAs.
Most UAs seem to support RSA PKCS1.5, we can add support for it in the JS implementation but until it is clear there is a UA that would require it (possibly IE, for example) we won't do this work. That is what this bug is tracking.
Our decision to use asmcrypto.js means we do not get PKCS#1 1.5 from the third-party library, it seems like we can still accomplish this by padding and them using raw crypto.
Forge has a PKCS 1.5 implementation:
https://github.com/digitalbazaar/forge/blob/5f56c29c4bcd88b7b856ea04e5fd3063ab0f6888/js/rsa.js#L1406-L1472
And asymcrypto.js lets us do raw crypto: https://github.com/vibornoff/asmcrypto.js/blob/master/src/rsa/exports-raw.js
Asmcrypto.js also has a bug open to add support for PKCS1.5, we could try to work with them to get it natively supported.