kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign

Cannot get matching RSA SHA512 signature compared to nodejs `crypto` #619

Closed paullinator closed 3 months ago

paullinator commented 5 months ago

Given the same privateKey, I'm using the following code to generate and verify signatures using nodejs crypto and jsrsasign. jsrsasign can't seem to create a valid signature that node crypto will verify as correct. Here's my code. Any help would be appreciated.

https://github.com/EdgeApp/edge-react-gui/blob/paul/paybisSig/src/testcrypto.ts

kjur commented 4 months ago

Sorry but I can't see the link above.

kjur commented 4 months ago

I saw your code before, and it seems to be an issue of the RSAPSS salt length difference between Node crypto and jsrsasign.

To verify RSAPSS signature generated by Node crypto, you need to specify salt length in jsrsasign as follows:

```javascript
const s3 = new jsrsasign.KJUR.crypto.Signature({alg: "SHA512withRSAandMGF1", psssaltlen: -2});
```

RSAPSS signature default:

- Node crypto: saltLength=crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN=-2 (This will be 446 for SHA512)
- jsrsasign: 20(SHA1), 32(SHA256), 48(SHA384), 64(SHA512)
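The salt-length mismatch described in the comment above, reproduced with Node's built-in `crypto` alone as an added example that is not part of the original thread or of jsrsasign: a signature made with Node's default salt length is rejected by a verifier expecting a digest-length salt (the jsrsasign default quoted above) and accepted once the verifier's salt length matches. The 2048-bit key, the message and the function names are constructed for this illustration.

```javascript
// Added example: uses only Node's built-in crypto; key and message are constructed here.
const crypto = require('crypto');

const HASH = 'sha512';
const HASH_LEN = 64; // SHA-512 digest size in bytes
const PSS = crypto.constants.RSA_PKCS1_PSS_PADDING;

// Largest PSS salt that fits the key: emLen - hLen - 2 (RFC 8017, section 9.1.1),
// where emLen = ceil((modulusBits - 1) / 8).
function maxSaltLen(modulusBits, hashLen) {
  return Math.ceil((modulusBits - 1) / 8) - hashLen - 2;
}

// Sign with RSA-PSS; leaving saltLength undefined keeps Node's default (RSA_PSS_SALTLEN_MAX_SIGN).
function pssSign(privateKey, data, saltLength) {
  const opts = { key: privateKey, padding: PSS };
  if (saltLength !== undefined) opts.saltLength = saltLength;
  return crypto.sign(HASH, data, opts);
}

// Verify with an explicit salt length, as a verifier with a fixed default would.
function pssVerify(publicKey, data, sig, saltLength) {
  return crypto.verify(HASH, data, { key: publicKey, padding: PSS, saltLength }, sig);
}

function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const msg = Buffer.from('constructed test message');
  const sigDefault = pssSign(privateKey, msg);          // Node default salt length
  const sigDigest = pssSign(privateKey, msg, HASH_LEN); // salt length = digest length
  return {
    maxFor2048: maxSaltLen(2048, HASH_LEN),
    maxFor4096: maxSaltLen(4096, HASH_LEN), // the 446 quoted in the thread
    defaultSigWithDigestSalt: pssVerify(publicKey, msg, sigDefault, HASH_LEN),
    defaultSigWithMaxSalt: pssVerify(publicKey, msg, sigDefault, maxSaltLen(2048, HASH_LEN)),
    defaultSigWithAuto: pssVerify(publicKey, msg, sigDefault, crypto.constants.RSA_PSS_SALTLEN_AUTO),
    digestSigWithDigestSalt: pssVerify(publicKey, msg, sigDigest, HASH_LEN),
  };
}

console.log(demo());
```

The same reasoning applies in the other direction: signing with `saltLength: 64` on the Node side produces a signature that a verifier fixed at the digest length accepts.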

kjur commented 3 months ago

It seems there are no further comments. This will be closed.