Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkcs7 PublicKey + RSASSA-PSS support + Secret Key Encryption for recipient #1063

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

frelibert
Copy link

@frelibert frelibert commented Dec 14, 2023

Supports defining following elements in pkcs signing and encryption:

  • SubjectKeyIdentifier as SignerIdentifier (alternative choice for IssuerAndSerialNumber)
  • SubjectKeyIdentifier as RecipientIdentifier (alternative choice for IssuerAndSerialNumber)
  • Support for RSASSA-PSS as scheme (defaults to RSASSA-PKCS1-V1_5, which was fixed value)
  • Support for encryption for a recipient with a secret key
  • Support to specify unsupported algorithms along with a function that implements it when adding a recipient with a secret key for symmetric encryption. The function will be called from inside the encrypt operation. This makes it possible to let the caller decide what content key encryption to use. The result will be embedded in the encryptedContent block of the recipient.

Context:

  • By supporting subjectKeyIdentifier as signer- and recipient identifiers, it is possible to work with an online registry of public keys (no need for certificates) for both signer and verifier.
  • RSASSA-PSS is more secure then RSASSA-PKCS1 and requires a little addition to the code since it is allready supported for signing other messages then pkcs7.
  • Using a secret key for a recipient makes it possible to support encrypting for unknown recipients or a group of recipients that share a secret key or are authorized to retrieve that key by its identifier (kekidentifier)

closes #1064, closes #1065, closes #1067

Frederik Libert added 2 commits December 14, 2023 11:23
Supports defining following elements in pkcs signing and encryption:
* SubjectKeyIdentifier as SignerIdentifier (alternative choice for IssuerAndSerialNumber)
* SubjectKeyIdentifier as RecipientIdentifier (alternative choice for IssuerAndSerialNumber)
* support for RSASSA-PSS as scheme (defaults to RSASSA-PKCS1-V1_5, which was fixed value)
@frelibert frelibert changed the title pkcs7 PublicKey + RSASSA-PSS support pkcs7 PublicKey + RSASSA-PSS support + Secret Key Encryption for recipient Dec 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
1 participant