Add support for PS256, PS384, PS512
robotdan opened this issue · 7 comments
Add support for PS256, PS384, PS512
Additional context:
https://bitbucket.org/b_c/jose4j/issues/129/rsassa-pss-support-in-java-11
When is it planned to release this feature?
Not sure. I need to do some more research to see how much, if any, of this is possible within the JDK and if any external deps are required. If external deps are required I'll probably not implement it in this library and instead make a separate library to build the additional verifier and signer objects.
As I understand it, current JDKs support this: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8229518
In my opinion, supporting PSS is important, since the asymmetric alternatives have flaws:
RSxxx uses PKCS#1 v1.5 (difficult to implement correctly, see recurring problems with Bleichenbacher attacks; PSS solves the problem fundamentally) and ESxx uses ECDSA (possibility of leaking the private key by using weak random numbers) on NIST curves (http://safecurves.cr.yp.to/).
It looks like the support is pretty good, I prototyped a verifier. I may be able to get this out shortly.
Committed initial support for these algorithms.
76a9fdd
I need to do some more testing, and make sure the JSON Web Key parsing doesn't need any changes, but so far it looks pretty straightforward.
Using these new algorithms will require the latest Java 8 (>= u251), or later versions of Java.
Available in version 3.5.0.
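
An added example, not code from this library or from any commenter in the thread: signing and verifying a PS256 JWS with only the JDK's built-in `RSASSA-PSS` provider, which is the JDK support discussed above. The class name `Ps256Example`, its method names, and the claim values are hypothetical; the key pair is generated at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Base64;

public class Ps256Example {
  // PS256 (RFC 7518, section 3.5): SHA-256, MGF1 with SHA-256, salt length 32, trailer field 1.
  // The verifier pins these parameters itself instead of trusting the token's "alg" header.
  static final PSSParameterSpec PS256 =
      new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

  static Signature pss() throws GeneralSecurityException {
    // Throws NoSuchAlgorithmException on a JDK without RSASSA-PSS support.
    Signature s = Signature.getInstance("RSASSA-PSS");
    s.setParameter(PS256);
    return s;
  }

  static String sign(String signingInput, PrivateKey key) throws GeneralSecurityException {
    Signature s = pss();
    s.initSign(key);
    s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
    return signingInput + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
  }

  static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
    int dot = jwt.lastIndexOf('.');
    if (dot < 0) return false;
    try {
      byte[] sig = Base64.getUrlDecoder().decode(jwt.substring(dot + 1));
      Signature s = pss();
      s.initVerify(key);
      s.update(jwt.substring(0, dot).getBytes(StandardCharsets.US_ASCII));
      return s.verify(sig);
    } catch (IllegalArgumentException | SignatureException e) {
      return false; // malformed base64url or wrong-length signature: treat as invalid
    }
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
    g.initialize(2048);
    KeyPair kp = g.generateKeyPair();
    Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
    String header = b64.encodeToString("{\"alg\":\"PS256\"}".getBytes(StandardCharsets.UTF_8));
    String payload = b64.encodeToString("{\"sub\":\"constructed\"}".getBytes(StandardCharsets.UTF_8));
    String jwt = sign(header + "." + payload, kp.getPrivate());
    String forged = jwt.replace(payload, b64.encodeToString("{\"sub\":\"other\"}".getBytes(StandardCharsets.UTF_8)));
    System.out.println("valid=" + verify(jwt, kp.getPublic()) + " forged=" + verify(forged, kp.getPublic()));
  }
}
```

Because PSS salts are random, signing the same input twice produces different signatures, so tests should assert on verification results rather than on signature bytes.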