olehlong / jwtd

D implementation of JSON Web Token.
MIT License

Added RSA algorithms for Botan #4

Closed tchaloupka closed 9 years ago

tchaloupka commented 9 years ago

I've finally made it work. Unfortunately, Botan does not support loading private keys in PKCS#1 format, so I had to convert the PK in the unittest to PKCS#8 format. Also added Botan library init to the app.d as per: https://github.com/etcimon/botan/wiki/Getting-Started

For the future, it would be nice to have the possibility of passing a PK to the encode and verify methods not as a string but directly as Botan-specific structures, and also to use its SecureVector to make the lib more secure to use.

olehlong commented 9 years ago

The RFC requires RSASSA-PKCS1-v1_5, so the Botan version won't be compatible with implementations in any other language.

tchaloupka commented 9 years ago

Actually it is signed with RSASSA-PKCS1-v1_5 format (unittest result is the same as for OpenSSL). Here are the botan docs for signing: http://botan.randombit.net/manual/pubkey.html#signatures

Excerpt: For RSA, use EMSA4 (also called PSS) unless you need compatibility with software that uses the older PKCS #1 v1.5 standard, in which case use EMSA3 (also called “EMSA-PKCS1-v1_5”).

That's why EMSA3 with specific hashes is used. The problem is just with the way the PK itself is provided to the lib.

tchaloupka commented 9 years ago

As for the public key, that is not a problem as it is in an x509 format.

tchaloupka commented 9 years ago

For example, this lib: http://kjur.github.io/jsjws/ also supports only: X.509 certificate and PKCS#5/PKCS#8 encrypted/plain private/public key
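The PKCS#1 to PKCS#8 conversion mentioned in the first comment, shown at the DER level as an added example (not part of this pull request or of jwtd): PKCS#8 wraps the unchanged PKCS#1 `RSAPrivateKey` bytes in a `PrivateKeyInfo` that names the algorithm, so the key material and the resulting RSASSA-PKCS1-v1_5 signatures stay the same. All function names are hypothetical, and the toy key is constructed for illustration.

```python
import base64

# DER tags shared by both private-key containers
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # OID 1.2.840.113549.1.1.1

def tlv(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_int(v):
    # the "+ 1" leaves room for a leading zero so the value stays non-negative
    return tlv(INTEGER, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the element starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def key_format(der):
    """After the version, PKCS#1 holds the modulus, PKCS#8 an AlgorithmIdentifier."""
    _, body, _ = read_tlv(der)
    _, _, after_version = read_tlv(body)
    tag, _, _ = read_tlv(body, after_version)
    return {INTEGER: "PKCS#1", SEQUENCE: "PKCS#8"}.get(tag, "unknown")

def pkcs1_to_pkcs8(pkcs1_der):
    """Wrap an RSAPrivateKey in an unencrypted PrivateKeyInfo (RFC 5208)."""
    alg = tlv(SEQUENCE, tlv(OID, RSA_ENCRYPTION) + tlv(NULL, b""))
    return tlv(SEQUENCE, der_int(0) + alg + tlv(OCTET_STRING, pkcs1_der))

def to_pem(der, label):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

# Constructed toy key (p=61, q=53): structurally valid, useless as a real key
TOY_PKCS1 = tlv(SEQUENCE, b"".join(
    der_int(v) for v in (0, 3233, 17, 2753, 61, 53, 53, 49, 38)))

if __name__ == "__main__":
    print(to_pem(TOY_PKCS1, "RSA PRIVATE KEY"))
    print(to_pem(pkcs1_to_pkcs8(TOY_PKCS1), "PRIVATE KEY"))
```

The PEM labels differ accordingly: `RSA PRIVATE KEY` for PKCS#1 and `PRIVATE KEY` for unencrypted PKCS#8.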