Add support for the optional JWS RSASSA-PSS algorithm
Issue #50
resolved
RSASSA-PSS was introduces in JOSE -11.
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-11#section-3.5
Comments (5)
-
-
reporter Thanks for voting for this.
-
reporter - changed status to open
-
reporter - changed status to resolved
Adding PSS support completed with commit c58c87dc459a6d83088cda72a98d5393e7956c8e, took about an hour to do, the params were a bit tricky to get right, requires the BouncyCastle JCA provider to be loaded.
Added sign-verify cycle tests. Unfortunately the JWS spec doesn't have test vectors.
-
reporter The new PS* signatures were released with 2.20 which was just pushed to Maven Central.
How to use them - see the article in our blog: http://t.co/48W3cprsLZ
- Log in to comment
The use of RSASSA-PKCS-v1_5 is somewhat a problem due to the known vulnerabilities with it; so I would suggest that most will in preference use the RSASSA-PSS equivalent. So profiles PS256, PS384 & PS512 from http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-17. The only one I can see missing is the PS384....