Add support for the optional JWS RSASSA-PSS algorithm

Issue #50 resolved

Vladimir Dzhuvinov created an issue 2013-05-29

RSASSA-PSS was introduces in JOSE -11.

Comments (5)

James Holland
The use of RSASSA-PKCS-v1_5 is somewhat a problem due to the known vulnerabilities with it; so I would suggest that most will in preference use the RSASSA-PSS equivalent. So profiles PS256, PS384 & PS512 from http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-17. The only one I can see missing is the PS384....
- 2013-10-17T10:31:47+00:00
Vladimir Dzhuvinov reporter
Thanks for voting for this.
- 2013-10-17T12:51:28+00:00
Vladimir Dzhuvinov reporter
- changed status to open
- 2013-10-17T13:11:55+00:00
Vladimir Dzhuvinov reporter
- changed status to resolved
Adding PSS support completed with commit c58c87dc459a6d83088cda72a98d5393e7956c8e, took about an hour to do, the params were a bit tricky to get right, requires the BouncyCastle JCA provider to be loaded.

Added sign-verify cycle tests. Unfortunately the JWS spec doesn't have test vectors.
- 2013-10-17T14:55:00+00:00
Vladimir Dzhuvinov reporter
The new PS* signatures were released with 2.20 which was just pushed to Maven Central.

How to use them - see the article in our blog: http://t.co/48W3cprsLZ
- 2013-10-17T15:57:50+00:00
Log in to comment