Cross-platform verification of RSA PSS signatures

**Description of issue or feature request**:

There are two related issues:
1. The [salt length](https://crypto.stackexchange.com/questions/1217/rsa-pss-salt-size) used when _creating_ RSA PSS signatures.
2. And the salt length used when _verifying_ these signatures.

**Current behavior**:

1. We use a salt length equal to [DIGEST_LENGTH](https://cryptography.io/en/37.0.0/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH) when _creating_ these signatures.
2. Same for _verifying_ them. This is a problem when verifying cross-platform signatures (e.g., from the Golang `crypto/rsa` packages, which uses a different salt length by default as described below; see https://github.com/hashicorp/vault/pull/16549).

**Expected behavior**:
1. Although optional, and not necessary for the cross-platform verification of signatures, we should use a salt length equal to [MAX_LENGTH](https://cryptography.io/en/37.0.0/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.PSS.MAX_LENGTH) for the maximum provable security when _creating_ these signatures.
2. We should use a salt length equal to [AUTO](https://cryptography.io/en/37.0.0/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO) so that we can automatically _verify_ these signatures regardless of the input salt length.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cross-platform verification of RSA PSS signatures #421

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cross-platform verification of RSA PSS signatures #421

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions