RSA Signing #5
Comments
I can take a look at it.
@billabt that would be really helpful, thanks!
@collinhundley: What exactly are you looking for? RSA key generation, signing/verification and public/private encryption/decryption? These appear to be the most common and are available with macOS/CommonCrypto and OpenSSL...
I'd like to sign JWT tokens using RSA. I'm no crypto expert, but I use BlueCryptor for a JWT library and it currently uses HMAC. Google's APIs only support RSA signing though.
Ok. I'll see what I can do... Not sure how soon I can get to it. Might have some time this weekend or maybe sooner.
@billabt any luck here?
I haven't had the chance to look at it yet. Possibly this weekend. Been busy with another project. Sorry.
After doing some research over the weekend, I found that a key header on macOS is NOT included in the macOS SDK. This header is
I'm still exploring other options...
Hmm, that is strange. Could we implement the OpenSSL side first while we wait to hear back from Apple? For my particular use I only need the Linux code anyway.
I'll have to think about that one... Let me finish exploring other options. I'd prefer to build an API that's going to work for both macOS (and friends) and Linux rather than build one based on the OpenSSL implementation and then have to change it later to make it more generic to accommodate the macOS implementation. I don't think Apple is going to give us access to the
Makes sense. I might look into the OpenSSL API to get familiar with it, since my project is a bit time sensitive. Might be able to patch something together until we build something more robust.
The OpenSSL API for signing is pretty simple. Since you're using BlueCryptor already, you've already got the OpenSSL module available. It should be just a simple matter of calling the API at the appropriate point. Let me know if you run into any issues calling the API, maybe I can help.
Hey @billabt any progress on this? I'm looking at the OpenSSL API now and noticed that you started an RSA implementation.
Still investigating. Trying to avoid use of keychain APIs on macOS.
I've got an implementation working with OpenSSL on macOS. The advantage is that the API is the same as Linux, but it requires us to import IBM-Swift/OpenSSL-OSX
If you want to check out my initial (rough) implementation, you can find it here. It doesn't follow the
Ok, cool. I took a quick look at it. Unfortunately, the way it's implemented forces both CommonCrypto AND OpenSSL to be linked into the binary. This is NOT acceptable. Way too heavyweight. If all you're looking for is signing, I'd suggest that you use an
Yeah, the idea isn't to keep the OpenSSL implementation on macOS - it's just an easy way to develop with code completion (especially since I'm not super familiar with the OpenSSL API). However, this implementation is a starting point for the Linux version regardless of the direction you choose to take for macOS. It can be easily modified if you want
Explanation about RS256 of JSONWebToken
There's another framework that I'm working on that will do what you want. It's just not ready yet. I've still got to add Linux support to it. I'll leave this issue open until it's released and then let you know.
Hey @billabt, any update here? I've got a new application that needs to be signed using RSA-SHA1. Would love to hear about your new framework, if you've made any progress with it.
@collinhundley: This is still a work in progress. The macOS portion is complete. The Linux side is still a work in progress but we hope to make it available shortly. Look for BlueRSA, currently set up as private but will go public upon completion.
FWIW, it's possible to use Looking forward to BlueRSA, though!
Another vote for BlueRSA. Looking forward to it. I need to verify RSA signatures.
BlueRSA should provide what you need.
What would it take to extend this library to support RSA in addition to HMAC? I'd like to use it for signing JWT tokens, but Google only supports RS256.
Looks like CommonCrypto supports it, so I'm assuming OpenSSL does too.