ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0

Signature verification failed, the private key doesn't match the certificate #203

Open outrunthewolf opened 4 months ago

outrunthewolf commented 4 months ago

Hi, I'm consistently getting Signature verification failed, the private key doesn't match the certificate

I'm running JSign on Linux (Ubuntu).

I'm using GCP KMS and this is my command:

jsign --storetype GOOGLECLOUD --storepass $(gcloud auth print-access-token) \
--keystore projects/PROJECT/locations/us-east1/keyRings/KEYRING \
--alias KEYNAME --certfile chain.pem \
my.exe

What I know:

My only other idea is that my certfile is incorrectly formatted. In some cases I can see people using .pem (chained certs), and the documentation mentions PKCS#7 or P7B format.

My certfile looks like:

-----BEGIN CERTIFICATE-----

... My cert

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

... Certificate Authority

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

... trusted root

-----END CERTIFICATE-----

Is there any way you can give more information on the certfile formatting? Is there a way to run JSign in debug or verbose mode? Perhaps that could help me spot the issue.

Thanks.

ebourg commented 4 months ago

How is your private key configured? Did you select PKCS#1 v1.5 padding?
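Two things are worth checking before blaming the chain file: whether the KMS key's public half really is the public key in the first certificate of chain.pem, and whether the key signs with PKCS#1 v1.5 or RSA-PSS. The script below is an added diagnostic written for this thread, not code from jsign or the thread participants. It needs only the openssl CLI and generates all keys and certificates locally, so the "chain" is a constructed leaf-first PEM like the one in the question. For a real GCP KMS key you would replace the generated private key's public half with the PEM from `gcloud kms keys versions get-public-key` (a command I assume is available in your gcloud version) and feed it through `openssl pkey -pubin` in the same way. The second half reproduces the symptom ebourg is hinting at: a signature produced with PSS padding fails verification when the verifier expects PKCS#1 v1.5, which looks like "the private key doesn't match the certificate" even though the key pair is correct.

```shell
#!/bin/sh
# Added diagnostic for this thread (not jsign's own code).
# 1) Check that a private key matches the leaf (first) cert of a PEM chain.
# 2) Show that an RSA-PSS signature fails a PKCS#1 v1.5 verification.
# Requires the openssl CLI; every key and cert below is generated on the fly.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed fixtures: leaf key + self-signed leaf cert, an unrelated
# self-signed "CA" cert appended to mimic a leaf-first chain.pem, and a
# second key that does NOT belong to the leaf (to show the negative case).
make_fixtures() {
    for name in leaf ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
            -subj "/CN=jsign-test-$name" \
            -keyout "$WORK/$name.key" -out "$WORK/$name.crt" 2>/dev/null
    done
    cat "$WORK/leaf.crt" "$WORK/ca.crt" > "$WORK/chain.pem"
}

# SHA-256 over the DER SubjectPublicKeyInfo of the FIRST certificate in a PEM
# file. `openssl x509` reads only the first block, which must be the leaf in a
# correctly ordered chain (leaf, intermediates, root).
cert_pubkey_fp() {
    openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Same fingerprint derived from a private key. With GCP KMS you cannot read the
# private key; use the public PEM exported by
#   gcloud kms keys versions get-public-key ... --output-file kms-pub.pem
# and run `openssl pkey -pubin -in kms-pub.pem -outform DER` instead.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Returns 0 when the key's public half equals the chain's leaf public key.
key_matches_chain() {
    [ "$(key_pubkey_fp "$1")" = "$(cert_pubkey_fp "$2")" ]
}

# Sign a constructed payload with the requested padding ("pkcs1" or "pss"),
# then verify with plain PKCS#1 v1.5 against the leaf certificate's public key,
# which is what an Authenticode-style verifier expects. Prints "ok" or "fail".
sign_then_verify_v15() {
    key=$1; chain=$2; mode=$3
    printf 'constructed sample payload\n' > "$WORK/payload.bin"
    openssl x509 -in "$chain" -pubkey -noout > "$WORK/leaf.pub"
    if [ "$mode" = pss ]; then
        openssl dgst -sha256 -sigopt rsa_padding_mode:pss \
            -sign "$key" -out "$WORK/sig.bin" "$WORK/payload.bin"
    else
        openssl dgst -sha256 -sign "$key" -out "$WORK/sig.bin" "$WORK/payload.bin"
    fi
    if openssl dgst -sha256 -verify "$WORK/leaf.pub" \
            -signature "$WORK/sig.bin" "$WORK/payload.bin" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

make_fixtures
echo "leaf key matches chain leaf:   $(key_matches_chain "$WORK/leaf.key" "$WORK/chain.pem" && echo yes || echo no)"
echo "other key matches chain leaf:  $(key_matches_chain "$WORK/other.key" "$WORK/chain.pem" && echo yes || echo no)"
echo "pkcs1 sign, v1.5 verify:       $(sign_then_verify_v15 "$WORK/leaf.key" "$WORK/chain.pem" pkcs1)"
echo "pss sign, v1.5 verify:         $(sign_then_verify_v15 "$WORK/leaf.key" "$WORK/chain.pem" pss)"
```

If the fingerprints differ, the chain file is not the certificate issued for that KMS key (or the leaf is not first in the file); if they match but signing still fails, look at the key's algorithm in Cloud KMS: a key created with one of the `RSA_SIGN_PSS_*` algorithms signs with PSS, while `RSA_SIGN_PKCS1_*` keys produce the PKCS#1 v1.5 signatures that Authenticode expects.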

oleksii-tymofieiev commented 3 months ago

Is there a plan to support RSA-PSS key in jsign?

ebourg commented 3 months ago

My understanding is that Authenticode doesn't support RSA-PSS, but I may be wrong.

oleksii-tymofieiev commented 3 months ago

Thank you for your answers @ebourg and for the great work you are doing.

ebourg commented 3 months ago

@oleksii-tymofieiev You're welcome. Do you think you could send your signing certificate with the RSA-PSS key to ebourg@apache.org? I'd like to do some tests and see if I can print a useful error message when such a key is used.

apique13 commented 3 months ago

Hi, I've got a similar issue with a YubiKey. Signature algorithm: sha384ECDSA. Public key: ECDSA_P384, ECC (384 bits). I can't tell you more; I can't see the private key. Thanks

ebourg commented 3 months ago

@apique13 What command line did you use?

apique13 commented 3 months ago

Sorry, I think the problem is maybe the certificate on my YubiKey. I tried with signtool too; there is no error, but the output file is not properly signed.