Open outrunthewolf opened 4 months ago
How is configured your private key? Did you select PKCS#1 v1.5 padding?
Is there a plan to support RSA-PSS key in jsign
?
My understanding is that Authenticode doesn't support RSA-PSS, but I may be wrong.
Thank you for your answers @ebourg and for the great work you are doing.
@oleksii-tymofieiev You're welcome. Do you think you could send your signing certificate with the RSA-PSS key to ebourg@apache.org? I'd like to do some tests and see if I can print a useful error message when such a key is used.
Hi, I've got a similar issue with a YUBIKEY. Signature Algorithm sha384ECDSA Public key ECDSA_P384, ECC (384 bits) I can't tell you more, I can't see the private key. Thanks
@apique13 What command line did you use?
Sorry, I think the problem is maybe the certificate on my yubikey. I tried with signtool too, there is no error, but the outpur file is not properly signed.
Hi, I'm consistently getting
Signature verification failed, the private key doesn't match the certificate
I'm running JSign on Linux Ubunutu
I'm using GCP KMS and this is my command:
What I know:
openssl md5
on the certificate, and the public key and all match. I'm not sure how I can test the private key from GCP though.My only other idea is my certfile is incorrectly formatted. In some cases I can see people using .pem (chained certs) and documentation mentions PKCS#7 or P7B format.
My certfile looks like:
Is there anyway you can give more information on the certfile formatting? Is there further way to run the JSign program in debug or verbose mode? Perhaps that could help me spot an issue.
Thanks.