Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to verify RSA signatures #2

Closed
lmammino opened this issue Nov 20, 2021 · 3 comments · Fixed by #33
Closed

Add support to verify RSA signatures #2

lmammino opened this issue Nov 20, 2021 · 3 comments · Fixed by #33
Assignees
@lu-zero
Labels
enhancement New feature or request
Milestone
0.1.0

Comments

@lmammino
Copy link
Member

lmammino commented Nov 20, 2021
edited

The current implementation only supports EC P-256 signatures.

Some test certs use RSA (example data CH/2DCode/raw/1.json).

Specification is scattered a bit around, but this is probably the best i could find: https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v1_en.pdf

Pagg 5-6 say:

The Signature Algorithm (alg) parameter indicates what algorithm is used for the creating the
signature. It must meet or exceed current SOG-IT guidelines.
One primary and one secondary algorithm is defined. The secondary algorithm should only be
used if the primary algorithm is not acceptable within the rules and regulations imposed on the
implementor.
However, it is essential and of utmost importance for the security of the system that all
implementations incorporate the secondary algorithm. For this reason, both the primary and
the secondary algorithm MUST be implemented.
For this version of the specification, the SOG-IT set levels for the primary and secondary
algorithms are:

  • Primary Algorithm: The primary algorithm is Elliptic Curve Digital Signature Algorithm
    (ECDSA) as defined in (ISO/IEC 14888–3:2006) section 2.3, using the P–256 parameters as defined in appendix D (D.1.2.3) of (FIPS PUB 186–4) in combination the
    SHA–256 hash algorithm as defined in (ISO/IEC 10118–3:2004) function 4.

This corresponds to the COSE algorithm parameter ES256.

  • Secondary Algorithm: The secondary algorithm is RSASSA-PSS as defined in (RFC 8230) with a modulus of 2048 bits in combination with the SHA–256 hash algorithm as
    defined in (ISO/IEC 10118–3:2004) function 4.

This corresponds to the COSE algorithm parameter: PS256
@lmammino lmammino added the enhancement New feature or request label Nov 21, 2021
@lmammino lmammino added this to the 0.1.0 milestone Nov 24, 2021
@dodomorandi dodomorandi mentioned this issue Nov 24, 2021
Closed
@dodomorandi
Copy link
Contributor

@lmammino I think that @lu-zero is already doing something related to this issue in #14.

@lmammino lmammino assigned lu-zero and unassigned dodomorandi Nov 24, 2021
@lu-zero
Copy link
Collaborator

lu-zero commented Nov 25, 2021

I started at least. Can you link the specification in the issue so hopefully later I can continue?

@dodomorandi dodomorandi mentioned this issue Nov 25, 2021
Merged
@lmammino lmammino mentioned this issue Nov 25, 2021
Merged
@lmammino
Copy link
Member Author

@lu-zero added some references to the spec in the issue description (sorry i missed your comment above when you posted it :/ )

@dodomorandi dodomorandi mentioned this issue Dec 5, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lu-zero lu-zero

Labels
enhancement New feature or request
Projects
None yet
Milestone
0.1.0
Development

Successfully merging a pull request may close this issue.

Add RSA support Rimpampa/dgc
3 participants
@lmammino @lu-zero @dodomorandi