On 24.09.21 at 00:54, Selva Nair wrote:
> Hi,
>
>     from the management interface. But I haven't found the right
>     Signature method from java yet to actually sign it correctly:
>
>     sig = Signature.getInstance(SHA256withRSA/PSS);
>
> SHA256withRSA/PSS may be trying to first do Sha256 digest of the data
> and then pad and sign. Instead try this: "NonewithRSASSA-PSS" or
> "NonewithRSA/PSS"

Yeah, that *would* be the correct algorithm for that. Unfortunately the Android Keystore does not support that one (https://developer.android.com/training/articles/keystore#SupportedSignatures).

Manually adding the RSA/PSS padding and then signing with "RSA/ECB/NoPadding" like I did in OpenSSL 1.1 days works. But I would like to avoid implementing RSA/PSS myself, but the crypto libraries do not seem to be helpful in providing an implementation for that. OpenSSL has RSA_padding_add_PKCS1_PSS_mgf1 but it is deprecated in 3.0, and the Java crypto API also does not seem to expose an API for just padding.

But on the plus side, using that workaround the external key provider works with EC and RSA on Android.

Arne