ring icon indicating copy to clipboard operation
ring copied to clipboard
verified publisher icon briansmith

Expose RSA_PKCS1_SHA1 for RSA signing

Open kjvalencik opened this issue 3 years ago • 4 comments

RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY is currently intentionally not available for RSA signing (only verification). However, it may be necessary when interacting with services that only support RSA SHA1 (e.g., Azure DevOps). This PR proposes exposing it publicly.

There were no existing SHA1 test vectors because they were removed in 2015 are not present in FIPS 186-4. I updated convert_nist_rsa_test_vectors.py to be able to accept an algorithm filter and generated a new test vector file with the SHA1 test vectors from FIPS 186-2.

This could be simplified by removing the test vector filtering code. The test runs fast enough that it would be fine to test everything from both versions.

kjvalencik avatar Jun 27 '22 20:06 kjvalencik

@kjvalencik Do you still need this? According to https://stackoverflow.com/a/60417115 Azure DevOps now does support better algorithms.

briansmith avatar Oct 14 '23 01:10 briansmith

Yes, this is still needed. Even though Azure DevOps now supports rsa-sha2-256 and rsa-sha2-512 there are still many use cases that do not. For example, older switches and routers.

kjvalencik avatar Oct 16 '23 18:10 kjvalencik