Wrong RSA mode in RSA-PSS implementation for HSM

Question

Wrong RSA mode in RSA-PSS implementation for HSM

Closed this issue 4 years ago · 0 comments

RSA mode used for RSS-PSS signing operation is using RSA Encrypt mode.

This works with SoftHSM but recent tests has demonstrated problem with other HSM vendors. This is caused by the fact that encrypt operation is the operation of RSA using the public key while decrypt is the equivalent operation with the private key. Since signing is an operation with the private key, the raw RSA transform must be done in decrypt mode.