Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for PS256, PS384, PS512 #14

Closed
robotdan opened this issue Feb 26, 2020 · 7 comments
Closed

Add support for PS256, PS384, PS512 #14

robotdan opened this issue Feb 26, 2020 · 7 comments
Assignees
@robotdan
Milestone
3.5.0

Comments

@robotdan
Copy link
Member

robotdan commented Feb 26, 2020
edited

Add support for PS256, PS384, PS512

Additional context:
https://bitbucket.org/b_c/jose4j/issues/129/rsassa-pss-support-in-java-11
@sadovnyc
Copy link

When is it planned to release this feature?

@robotdan
Copy link
Member Author

Not sure. I need to do some more research to see how much if any of this is possible within the JDK and if any eternal deps are required. If external deps are required I'll probably not implement it in this library and instead make a a separate library to build the additional verifier and signer objects.

@JuliusPC
Copy link

As I understand it, current JDKs support this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8229518

In my opinion, supporting PSS is important, since the asymmetric alternatives have flaws:
RSxxx uses PKCS#1 v1.5 (difficult to implement correct, see recurring problems with Bleichenbacher attacks; PSS solves the problem fundamentally) and ESxx uses ECDSA (possibility of leaking the private key by using a weak random numbers) on NIST curves (http://safecurves.cr.yp.to/).

@robotdan
Copy link
Member Author

robotdan commented Jul 2, 2020

Thanks for the link @JuliusPC I'll take a look.

@robotdan
Copy link
Member Author

robotdan commented Jul 2, 2020

It looks like the support is pretty good, I prototyped a verifier. I may be able to get this out shortly.

@robotdan robotdan self-assigned this Jul 2, 2020
@robotdan
Copy link
Member Author

robotdan commented Jul 4, 2020

Committed initial support for these algorithms.
76a9fdd

I need to do some more testing, and make sure the JSON Web Key parsing doesn't need any changes, but so far it looks pretty straight forward.

Using this new algorithms will require the latest Java 8 (>= u251), or later versions of Java.

@robotdan
Copy link
Member Author

robotdan commented Jul 4, 2020

Available in version 3.5.0.

@robotdan robotdan closed this as completed Jul 4, 2020
@robotdan robotdan added this to the 3.5.0 milestone Jul 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robotdan robotdan

Labels
None yet
Projects
None yet
Milestone
3.5.0
Development

No branches or pull requests
3 participants
@robotdan @sadovnyc @JuliusPC