-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Confusion over pkcs1v15::VerifyingKey::new
vs ::new_with_prefix
#238
Comments
I think it would be great if we had
|
I think part of the rationale for the current split is avoiding the need to have an Looking at RFC8017 Appendix 2.4, I'm unclear under what circumstances the OID can actually be omitted? So perhaps the current |
We seem to be running into a lot of people who are having trouble with PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of the `sha2` crate being disabled is fairly unscrutable. See #234, #253, and the semi-related tracking issue for #238. If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled, and this can be used in code examples. It also means users don't need two crates to create/verify PKCS#1 v1.5 signatures. RSA is used commonly enough with the SHA2 family that this integration probably makes sense.
We seem to be running into a lot of people who are having trouble with PKCS#1 v1.5 signatures because the failure mode for the `oid` feature of the `sha2` crate being disabled is fairly unscrutable. See #234, #253, and the semi-related tracking issue for #238. If `rsa` has a `sha2` feature, we can always ensure `oid` is enabled, and this can be used in code examples. It also means users don't need two crates to create/verify PKCS#1 v1.5 signatures. RSA is used commonly enough with the SHA2 family that this integration probably makes sense.
Renames the following: - `SigningKey::new` => `SigningKey::new_unprefixed` - `SigningKey::new_with_prefix` => `SigningKey::new` - `VerifyingKey::new` => `VerifyingKey::new_unprefixed` - `VerifyingKey::new_with_prefix` => `VerifyingKey::new` The `*_with_prefix` methods are preserved with a deprecation warning, which should help people migrate to the new versions. Closes #238
Renames the following: - `SigningKey::new` => `SigningKey::new_unprefixed` - `SigningKey::new_with_prefix` => `SigningKey::new` - `VerifyingKey::new` => `VerifyingKey::new_unprefixed` - `VerifyingKey::new_with_prefix` => `VerifyingKey::new` The `*_with_prefix` methods are preserved with a deprecation warning, which should help people migrate to the new versions. Closes #238
In #234 we had some people confused about signature verification failing with
::new
, and they had trouble discovering::new_with_prefix
.It would be good to either improve the documentation here, or eliminate the distinction between
::new
and::new_with_prefix
and automatically determining if the prefix is needed (e.g. based on the OID of the provided digest).It seems like other RSA libraries are able to make this determination automatically.
The text was updated successfully, but these errors were encountered: