Open est31 opened 3 years ago
This is due to this code:
pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected> {
const RSA_ENCRYPTION: &[u8] = include_bytes!("../data/alg-rsa-encryption.der");
let (der, _) = pkcs8::unwrap_key_(
untrusted::Input::from(RSA_ENCRYPTION),
Basically, ring expects the RSA keypair to have the old rsaEncryption algorithm identifier.
When the PSS algorithm identifier is used, the expectation is that the keypair would be restricted to PSS. So in addition to extending the above logic to recognize and accept the PSS algorithm identifier, we'd also need for the key to remember that it is only to be used to sign using PSS. This in term would require us to add metadata to each keypair and to each padding scheme for this, add checks that the metadata is consistent, and add tests to verify that all of this is working as corrected.
I would be happy to accept a PR that does this.
The OID of the keypair not being accepted is indeed 1.2.840.113549.1.1.10
, which is the rsaPSS
OID.
While Ring can load traditional PKCS#1 1.5 RSA keys, it can't load RSA-PSS (PKCS#1 2.1) keys. Example:
See also this gist which creates an entire certificate that uses RSA-PSS.