New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
invalid RSA CSR generated with 3.0 branch #1522
Comments
phpseclib 3.0 changes up how things work. If you look at the source code you'll note that the functions no longer have that 3.0 / master branch: phpseclib/phpseclib/File/X509.php Line 2520 in 844d7ab
2.0 branch: phpseclib/phpseclib/File/X509.php Line 3612 in 64708ae
The way it works in the 3.0 / master branch is that you set the preferred parameters in the private key itself. So in this case you'd do this: $privKey = PublicKeyLoader::load($pem);
$privKey = $privKey->withPadding(RSA::SIGNATURE_PKCS1); Also, keep in mind that if you're not setting a password in It's doing PSS, as is, because PSS is th default padding scheme that RSA keys utilize (because it's the more secure one, albeit the less frequently used one) |
Note that this is necessary now that phpseclib supports keys other than just RSA keys. What happens if you're trying to use an EC key with If that |
@terrafrost not sure I follow you. Other than the keysize/curve there isn't much else you can take from the key. In the case I have an RSA key and want to sign a CSR with different hash algorithm sha1, sha224, sha256, sha384 & sha512. You cannot determine this from the key itself. How can I choose which algorithm to sign with? Same deal with ECDSA, you can determine the curve from the key i.e prime256v1 but the hashing algorithm needs to specified during the signing of the CSR i.e. ecdsa-with-sha256 / sha384 etc Are you saying you are setting a default hashing algorithm based on the key type (RSA/ECDSA)? If so that makes sense but am I also able to set something other than the default? |
$key = $key->withHash('sha512'); Remember, key objects in phpseclib 3.0 are immutable and yet it's the keys you sign with. phpseclib doesn't employ do things like Java, wherein you'd do something like So how do you set the hash with that ? With 1.0 / 2.0 you'd do Where public key crypto is concerned phpseclib 3.0 / master is a complete paradigm shift from 1.0 / 2.0. |
Thank you for clarifying. I like the paradigm shift. |
When using the following snippet to generate a basic CSR from RSA key, it seems the wrong encryption type is set..
Some issues..
With 3.0 branch do we need to somehow set the rsaEncryption type??
Here is a sample RSA key used for this procedure which is the value for $pem
Here is a sample broken CSR generated from the above
Here is the OPENSSL output
The text was updated successfully, but these errors were encountered: