Is SHA256withRSA and MGF1 AND SHA256WithRSA/PSS the same?
lwmxiaobei opened this issue · 4 comments
lwmxiaobei commented
nodejs:
// sign
const sig = new jsrsasign.KJUR.crypto.Signature({"alg": "SHA256withRSAandMGF1"});
const prikey1 = jsrsasign.KEYUTIL.getKey(prikey);
const data = '/payment/api/merc/v1/mercorder/0/34534534534653465?mercNo=101291100063';
sig.init(prikey1);
sig.updateString(data);
let sign = sig.sign();
// verify
const sig2 = new jsrsasign.KJUR.crypto.Signature({"alg": "SHA256withRSAandMGF1"});
const pubkey = jsrsasign.KEYUTIL.getKey(publicKey);
sig2.init(pubkey);
sig2.updateString(data);
console.log(sig2.verify(sign));// true
I use nodejs to sign and verify without any problem, but the java verification fails, java is using SHA256WithRSA/PSS
What's the problem ?
thinks
kjur commented
Hi. Did you provide PSS parameter in Java properly?:
Signature signatureSHA256Java = Signature.getInstance("SHA256withRSA/PSS");
signatureSHA256Java.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
kjur commented
I'll close this ticket since there is no further response.
lwmxiaobei commented
I'll close this ticket since there is no further response.
it is ok! thinks