Is SHA256withRSA and MGF1 AND SHA256WithRSA/PSS the same?

Question

Is SHA256withRSA and MGF1 AND SHA256WithRSA/PSS the same?

lwmxiaobei opened this issue 2 years ago · 4 comments

nodejs:


// sign
const sig = new jsrsasign.KJUR.crypto.Signature({"alg": "SHA256withRSAandMGF1"});
const prikey1 = jsrsasign.KEYUTIL.getKey(prikey);
const data  = '/payment/api/merc/v1/mercorder/0/34534534534653465?mercNo=101291100063';
sig.init(prikey1);
sig.updateString(data);
let sign = sig.sign();

// verify
const sig2 = new jsrsasign.KJUR.crypto.Signature({"alg": "SHA256withRSAandMGF1"});
const pubkey = jsrsasign.KEYUTIL.getKey(publicKey);
sig2.init(pubkey);
sig2.updateString(data);
console.log(sig2.verify(sign));// true

I use nodejs to sign and verify without any problem, but the java verification fails, java is using SHA256WithRSA/PSS

What's the problem ？

thinks

Answer 1 · 2022-06-16T13:48:31.000Z

Hi. Did you provide PSS parameter in Java properly?:

Signature signatureSHA256Java = Signature.getInstance("SHA256withRSA/PSS");
signatureSHA256Java.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));

Answer 2 · 2022-06-16T16:08:26.000Z

I hope the issue #515 also helps you.

Answer 3 · 2022-06-21T07:48:18.000Z

I'll close this ticket since there is no further response.

Answer 4 · 2022-06-21T07:50:48.000Z

I'll close this ticket since there is no further response.

it is ok! thinks