`jcaName`/`parseFromJca`

[iaik-jheher]

parseFromJca returns unqualified CryptoSignature; .rawByteEncodable would be nice.

To do this, we would need the JCA to give us raw byte signatures, not DER encoded. This is standardized.

We could change the jcaName on X509SignatureAlgorithm to the P1363 version, and update parseFromJca to match. But: this would explode if the two are not used in concert, but signature strings are manually pfusched.

Food for thought. It'll probably be irrelevant once we merge the Signer work.

[JesusMcCloud]

Just keep in mind that the outside world exists and there's lots of code out there on the JVM that does not respect such a convention. But I do agree that it will be far less relevant when the signer is done

[iaik-jheher]

jcaName no longer exists, so this would be an update to the getJCASigner method instead.

I still think it'd make sense to do; document it on parseJCA..., and anyone insistent on using the plain version can just use decodeFromDER directly?

[JesusMcCloud]

we will need to verify these identifers work on Android too

[JesusMcCloud]

closing this. I think we have everything we need

[iaik-jheher]

@JesusMcCloud did we end up doing this?

[JesusMcCloud]

you implemented the following and I think this is everything we need

• SignatureAlgorithm.getJCASignatureInstance()
• SpecializedSignatureAlgorithm.getJCASignatureInstance()
• SignatureAlgorithm.getJCASignatureInstancePreHashed()
• SpecializedSignatureAlgorithm.getJCASignatureInstancePreHashed()
• CryptoSignature.jcaSignatureBytes
• CryptoSignature.parseFromJca()
• CryptoSignature.EC.parseFromJca()
• CryptoSignature.RSAorHMAC.parseFromJca()
• CryptoSignature.EC.parseFromJcaP1363

[iaik-jheher]

The issue was about changing what JCA algorithm string is used by those methods, and correspondingly what signature encoding format parseFromJca (without P1363 suffix) expects.

(So unless you made further changes, the issue is not resolved.)