Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose RSA_PKCS1_SHA1 for RSA signing #1503

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

kjvalencik
Copy link

@kjvalencik kjvalencik commented Jun 27, 2022

RSA_PKCS1_SHA1_FOR_LEGACY_USE_ONLY is currently intentionally not available for RSA signing (only verification). However, it may be necessary when interacting with services that only support RSA SHA1 (e.g., Azure DevOps). This PR proposes exposing it publicly.

There were no existing SHA1 test vectors because they were removed in 2015 are not present in FIPS 186-4. I updated convert_nist_rsa_test_vectors.py to be able to accept an algorithm filter and generated a new test vector file with the SHA1 test vectors from FIPS 186-2.

This could be simplified by removing the test vector filtering code. The test runs fast enough that it would be fine to test everything from both versions.

@briansmith
Copy link
Owner

@kjvalencik Do you still need this? According to https://stackoverflow.com/a/60417115 Azure DevOps now does support better algorithms.

@kjvalencik
Copy link
Author

Yes, this is still needed. Even though Azure DevOps now supports rsa-sha2-256 and rsa-sha2-512 there are still many use cases that do not. For example, older switches and routers.

@nealwon
Copy link

nealwon commented Aug 22, 2024

Is this PR still active?

We strongly need this feature when interaction with some old systems.

@kjvalencik
Copy link
Author

@nealwon I still need it and have been using a fork for it. Hopefully it can be eventually merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants