themattharris / tmhOAuth

An OAuth 1.0A library written in PHP
Apache License 2.0

RSA-based and SHA-256-involving signature methods #194

Open rpuch opened 7 years ago

rpuch commented 7 years ago

RSA-SHA1 is a standard signature method defined by OAuth 1.0a. It is nice to have it implemented.

As for RSA-SHA256, it is non-standard, but now that SHA1 is compromised in practice, RSA-SHA1 does not seem to provide enough security. Hence RSA-SHA256 may be useful for clients and servers that want to use asymmetric signatures and not suffer from a weak signature algorithm.

HMAC-SHA1 does not seem to be compromised, but HMAC-SHA256 (again, a non-standard signature method) support was added for completeness.

rpuch commented 7 years ago

Thanks for your review! I'm currently working on implementing the changes you suggested.

rpuch commented 7 years ago

I've made the changes you suggested. Also, openssl_sign error handling is added. Could you please review this change specifically? I'm not very familiar with the OpenSSL extension in PHP.
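
For readers following the thread, here is an added sketch (not code from this pull request or from tmhOAuth) of the RSA-SHA1/RSA-SHA256 signature methods and the `openssl_sign` error handling mentioned in the comments above. It assumes PHP 7.4+ with the OpenSSL extension; all `example_*` names, the key pair and the request values are hypothetical and constructed for the demo.

```php
<?php
// Added example, not tmhOAuth code; every example_* name is hypothetical.
// RFC 5849 section 3.4.1 base string; $url is assumed to be already normalized.
function example_base_string(string $method, string $url, array $params): string {
    $pairs = array_map(fn($k, $v) => [rawurlencode((string) $k), rawurlencode((string) $v)],
                       array_keys($params), $params);
    // Byte-wise sort by encoded name, then by encoded value.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

// Drain the OpenSSL error queue so a failure carries a usable message.
function example_openssl_errors(): string {
    $errors = [];
    while (($e = openssl_error_string()) !== false) { $errors[] = $e; }
    return implode('; ', $errors);
}

const EXAMPLE_ALGOS = ['RSA-SHA1' => OPENSSL_ALGO_SHA1, 'RSA-SHA256' => OPENSSL_ALGO_SHA256];

function example_sign(string $base, string $privatePem, string $method): string {
    if (!array_key_exists($method, EXAMPLE_ALGOS)) {
        throw new InvalidArgumentException("Unsupported signature method: $method");
    }
    $signature = '';
    // openssl_sign returns false on failure (unreadable key, unsupported digest).
    if (!openssl_sign($base, $signature, $privatePem, EXAMPLE_ALGOS[$method])) {
        throw new RuntimeException('openssl_sign failed: ' . example_openssl_errors());
    }
    return base64_encode($signature);
}

function example_verify(string $base, string $sigB64, string $publicPem, string $method): bool {
    $raw = base64_decode($sigB64, true);
    // openssl_verify returns 1 (valid), 0 (invalid) or -1/false (error): accept only 1.
    return $raw !== false && array_key_exists($method, EXAMPLE_ALGOS)
        && openssl_verify($base, $raw, $publicPem, EXAMPLE_ALGOS[$method]) === 1;
}

// Constructed demo: throwaway key pair and made-up request values.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];
$params = ['oauth_consumer_key' => 'example-key', 'oauth_nonce' => 'n1',
           'oauth_signature_method' => 'RSA-SHA256', 'oauth_timestamp' => '1500000000'];
$base = example_base_string('get', 'https://api.example.com/resource', $params);
$sig = example_sign($base, $privatePem, 'RSA-SHA256');
var_dump(example_verify($base, $sig, $publicPem, 'RSA-SHA256'));        // untouched base string
var_dump(example_verify($base . 'x', $sig, $publicPem, 'RSA-SHA256'));  // tampered base string
```

The verifier must select the digest from the `oauth_signature_method` it is willing to accept, not from whatever the client sends, so that a server requiring RSA-SHA256 cannot be downgraded to RSA-SHA1.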

rpuch commented 7 years ago

Hi Matt! Is there anything missing from my side on this pull request?

rpuch commented 4 years ago

@themattharris just bumping