Hash algorithm in signature.Signer/Verifier ignored #249
Labels
bug
Something isn't working
Comments
This was referenced Dec 9, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
signature.Signerandsignature.Verifiertypes are structured in a way that allows the caller to specify the hash algorithm that will be used to sign/verify. For example, once can use signature.LoadSigner to obtain asignature.Signer, and must specify acrypto.Hash.The current implementation of the
integritypackage always uses thecrypto.SHA256algorithm when signing, and the algorithm specified in the signature descriptor when verifying. This is reasonable when signing with PGP, since the arguments toOptSignWithEntity/OptVerifyWithKeyRingdo not have a way to express a desired hash algorithm. On the other hand, the arguments toOptSignWithSigner/OptVerifyWithVerifierare able to express a desired hash algorithm, but the current implementation ignores those values.When
OptSignWithSigner/OptVerifyWithVerifierare specified, I propose that we utilize the hash algorithm specified in the arguments, and store the value used in the signature descriptor.The text was updated successfully, but these errors were encountered: