F.Y.I. After converting the "Saturn" payment authorization scheme to use the hardware-backed "AndroidKeyStore", the JUnit test suite used for verifying the crypto responded with the following error message: java.security.InvalidAlgorithmParameterException: Unsupported MGF1 digest: SHA-256. Only SHA-1 supported
This came as a surprise since the excellent Bouncycastle library used by most Java developers (including myself) not only supports SHA-256 but also has it as default. Apparently only a part of RFC3447 was considered when the JOSE algorithms were defined https://tools.ietf.org/html/rfc7518#section-4.3 Fortunately the need for this kind of decryption on the client side is probably rather limited. Existing applications like S/MIME presumably use RFC3447 "as is". thanx, Anders https://cyberphone.github.io/doc/saturn/saturn-authorization.pdf _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
