Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn about usage saltLength: 0 for RSA PSS sign/verify #95

Open
olegbespalov opened this issue Oct 30, 2024 · 0 comments
Open

Warn about usage saltLength: 0 for RSA PSS sign/verify #95

olegbespalov opened this issue Oct 30, 2024 · 0 comments
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@olegbespalov
Copy link
Contributor

What?

While implementing support of RSA #85 we've found that standard Golang's SDK doesn't provide support of the saltLength: 0, instead it always tries to generate salt with the maximum length.

This led us for the patch to WebPlatfrom tests:
https://github.com/grafana/xk6-webcrypto/blob/main/webcrypto/tests/wpt-patches/WebCryptoAPI__sign_verify__rsa.js.patch

Since some use cases could actually try to use the lengths of salt 0 we need to issue a log warning user that the actual behavior of our implementation is different.

Why?

It improves UX and makes implementation predictable.
@olegbespalov olegbespalov added good first issue Good for newcomers help wanted Extra attention is needed labels Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@olegbespalov