RSA PSS with provider that doesn't support parameter spec

Issue #110 closed
Brian Campbell repo owner created an issue

The nCipher provider does not accept parameter specs for RSA PSS Signatures. As a result, in org.jose4j.jws.BaseSignatureAlgorithm when calling Signature.setParameter(AlgorithmParameterSpec params), an exception is being thrown: "java.lang.UnsupportedOperationException: This implementation of Signature does not have AlgorithmParameters". And jose4j considers the RSA PSS algorithms unavailable.

According to nCipher, it does not accept algorithm parameters. Instead, it uses the salt length which is equal to the hash length (e.g., SHA384 would use a salt length of 48 bytes) which is compatible with JWA https://tools.ietf.org/html/rfc7518#section-3.5 and what the parameter specs in org.jose4j.jws.RsaPssShaXXX have.

All the other providers that I know about that support PSS either support parameter spec or default to using a salt length equal to the hash length.

So it should be okay to wrap the Signature.setParameter(AlgorithmParameterSpec params) call in BaseSignatureAlgorithm with a try/catch for UnsupportedOperationException and let things proceed.
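
The fallback proposed in this issue, together with a check that a signature made without explicit parameters still verifies under the JWA PS384 parameters, as an added example (not jose4j's code and not part of the original issue). The class and method names are hypothetical, and it assumes Java 11+ where the default provider offers "RSASSA-PSS"; the default signer here stands in for the HSM provider's Signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;

public class PssParamFallback {
    // JWA PS384: SHA-384, MGF1 with SHA-384, salt length = hash length (48 bytes).
    static final PSSParameterSpec PS384 =
        new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 48, 1);

    /** Returns true if the provider accepted the spec, false if it has no parameter support. */
    static boolean trySetPssParams(Signature sig, PSSParameterSpec spec)
            throws InvalidAlgorithmParameterException {
        try {
            sig.setParameter(spec);
            return true;
        } catch (UnsupportedOperationException e) {
            // Provider applies built-in defaults; the caller must confirm they match the spec.
            return false;
        }
    }

    /** Verifies with explicit PS384 parameters on a provider that supports them. */
    static boolean verifiesWithExplicitParams(PublicKey pub, byte[] data, byte[] sigBytes)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("RSASSA-PSS");
        v.setParameter(PS384);
        v.initVerify(pub);
        v.update(data);
        return v.verify(sigBytes);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed test key
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        // Stand-in signer (assumption): substitute the HSM provider's Signature instance here.
        Signature signer = Signature.getInstance("RSASSA-PSS");
        boolean accepted = trySetPssParams(signer, PS384);
        signer.initSign(kp.getPrivate());
        signer.update(data);
        byte[] sigBytes = signer.sign();

        System.out.println("explicit params accepted: " + accepted);
        System.out.println("verifies as PS384: "
            + verifiesWithExplicitParams(kp.getPublic(), data, sigBytes));
    }
}
```

Running the cross-verification once against each provider that takes the catch branch confirms that its built-in salt length matches the value RFC 7518 section 3.5 requires.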
