RustCrypto/RSA

How to verify the PSS signature with the public key?

NikolaWissenklaus opened this issue · 9 comments

The signature example shows that to verify the PSS signature, verifying_key needs to have signing_key with the signer's private key, but wouldn't it be correct to verify the data with the signer's public key?

Do you have any example where user A signs the data with PSS and user B verifies it? (with user A's public key)

That's what that example is showing. The signer (user A) has to calculate the verifying key at some point and give it to user B somehow.

What it isn't showing is, e.g., the key being serialized to bytes. Would that be helpful?

Hello! How are you?

So user A will pass the encrypted message, signature and verifying_key (in bytes) to user B?

So user B will decrypt the message with (user B's) private key, and then verify that the message is authentic with verifying_key(message, signature)?

But doesn't user B need user A's public key to verify?

Sorry if my question may seem stupid...

Generally some trust relationship between signer and verifier needs to be established first, as opposed to passing the verifying key along with the message. Otherwise an attacker can just pass an attacker-controlled key with the message.

Got it! Thank you very much for clarifying! Now I know how I can implement it.

Wait, what about that?
https://docs.rs/rsa/latest/rsa/struct.RsaPublicKey.html#:~:text=pub%20fn%20verify%3CS%3A%20SignatureScheme%3E(

Can I do this?

let verification = public_key.verify(padding, &hashed_msg, &signature);

match verification {
    Ok(_) => println!("Signature verified successfully."),
    Err(e) => println!("Failed to verify signature: {:?}", e),
}

I found this example in this repository: https://github.com/succinctlabs/sp1/blob/main/examples/rsa/program/src/main.rs

Yes, that's an alternative API that does the same thing

But is this alternative as safe as the first example? Or is there no difference?

They're functionally equivalent

Great! Thank you very much! We can close this thread. :)