webcrypto-liner icon indicating copy to clipboard operation
webcrypto-liner copied to clipboard

Published 20 hours ago verified publisher icon PeculiarVentures

Support PKCS 1.5

Open rmhrisk opened this issue 9 years ago • 3 comments

Our decision to use asmcrypto.js means we do not get PKCS#1 1.5 from the third-party library, it seems like we can still accomplish this by padding and them using raw crypto.

Forge has a PKCS 1.5 implementation:

https://github.com/digitalbazaar/forge/blob/5f56c29c4bcd88b7b856ea04e5fd3063ab0f6888/js/rsa.js#L1406-L1472

And asymcrypto.js lets us do raw crypto: https://github.com/vibornoff/asmcrypto.js/blob/master/src/rsa/exports-raw.js

Asmcrypto.js also has a bug open to add support for PKCS1.5, we could try to work with them to get it natively supported.

rmhrisk avatar Sep 12 '16 21:09 rmhrisk

OpenPGP seems to have a cleaner PKCS1.5 impl - https://github.com/openpgpjs/openpgpjs/blob/c9b20c96e01e030b8c8424d0ca6e76b59e983c21/src/crypto/pkcs1.js

rmhrisk avatar Sep 14 '16 21:09 rmhrisk

Is this specifically for signing only, or are there plans to add encryption support (even though it's not in WebCrypto) to support legacy interoperability? Any insight on only having RSA-OAEP in WebCrypto and its implications for interoperating with existing S/MIME implementations?

abgoldberg avatar Sep 28 '16 21:09 abgoldberg

It already supports RSA OAEP (encryption), this should be enough for that. See https://peculiarventures.github.io/pv-webcrypto-tests/ for what is supported in each of your target UAs.

Most UAs seem to support RSA PKCS1.5, we can add support for it in the JS implementation but until it is clear there is a UA that would require it (possibly IE, for example) we won't do this work. That is what this bug is tracking.

rmhrisk avatar Sep 28 '16 21:09 rmhrisk