RSA PSS doesn't support non power of 2 public keys #1423
Comments
masterzen
pushed a commit
to masterzen/phpseclib
that referenced
this issue
Oct 19, 2019
RFC3447 doesn't require RSA public keys to be power of 2 keys. The actual validation code doesn't work when trying to verify a PSS signature generated with a non power of two key. This small patch adds support for such keys.
terrafrost
pushed a commit
to terrafrost/phpseclib
that referenced
this issue
Oct 20, 2019
RFC3447 doesn't require RSA public keys to be power of 2 keys. The actual validation code doesn't work when trying to verify a PSS signature generated with a non power of two key. This small patch adds support for such keys.
|
Your fix has been merged. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The RFC3447 doesn't mention that public keys modulus size should be a power of 2.
Though, the RSA PSS verification code only supports keys whose modulus has a size that is a power of 2.
I discovered this while trying to validate the JWS PS256 signature of a token that had been signed with a public key of 522 bits.
The text was updated successfully, but these errors were encountered: