Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine #4018
Conversation
|
What's the reason for this? |
|
My use case is I have a number of existing processes using PKCS1v15 signatures that are not using Vault and I would really like for them to start using Vault! |
|
Just throwing my $0.02 out here.... First, I think the option of signature type in the documentation should be clear that people should use PSS instead of PCKS1v15 unless they know what they're doing (or just omit it and leave it to be the default). Most people will be confused by the difference, and one thing Vault does well is it isolates people from needing to know the lower-level crypto details like the difference between PSS and PKCS1v15. Second, it seems a bit kludgy to ask users to specify the signature type upon verify. Would it be possible to embed the signature type into the signed text returned by Vault so verify can just read it automatically? |
|
PSS was and is still the default. This provides the option for those who need it. Both signature types are clearly supported in |
|
@broamski I'm not against adding it, although I think you're generally better off switching to PSS. I'm trying to think through the right place for this kind of option. It's definitely not that field, it's too single-purpose -- there's always the possibility that such a choice might become available for some other key type. One possibility is simply a We could potentially do what Joel suggested and add it somehow to the output, although that would be a kind of a "spec change" for the output format. |
|
In my experience, both signing and verification don't always happen on Vault; usually, privileged actors sign with vault and the other end verifies using any number of different libraries - sometimes later, while offline. I have received a few grumbles from implementers of the offline verification process about having to remove the As far as proper placement of the parameter, I vote for |
Sure, but I can just see a lot of people asking the mailing list, "What is this signature_algorithm field? Which one should I use?" It'd be better to head off some of that by adding a little bit of information in the documentation, even if it's just something like, "If you don't have a need to explicitly set field, then leave it blank and accept the default." |
|
Any chance you want to implement the algorithm->hash_algorithm? :-) It's easy -- mark the first as deprecated, but in the code, read the second, and if it's not set, read the first. |
|
Of course! I'll try to get to it by later tonight/tomorrow morning. |
|
Updated to reflect our latest consensus. |
| algorithm := d.Get("urlalgorithm").(string) | ||
| if algorithm == "" { | ||
| algorithm = d.Get("algorithm").(string) | ||
| hashalgorithm := d.Get("urlalgorithm").(string) |
There was a problem hiding this comment.
Can we use casing for this var? hashalgorithm -> hashAlgorithm
| } | ||
| prehashed := d.Get("prehashed").(bool) | ||
| sigalgorithm := d.Get("signature_algorithm").(string) |
There was a problem hiding this comment.
s/sigalgorithm/sigAlgorithm
helper/keysutil/policy.go
Outdated
| @@ -836,7 +836,7 @@ func (p *Policy) HMACKey(version int) ([]byte, error) { | |||
| return p.Keys[strconv.Itoa(version)].HMACKey, nil | |||
| } | |||
|
|
|||
| func (p *Policy) Sign(ver int, context, input []byte, algorithm string) (*SigningResult, error) { | |||
| func (p *Policy) Sign(ver int, context, input []byte, hashalgorithm string, sigalgorithm string) (*SigningResult, error) { | |||
There was a problem hiding this comment.
Specifying the type for hashAlgorithm can be skipped and hashAlgorithm, sigAlgorithm string should be sufficient.
| @@ -805,6 +805,12 @@ supports signing. | |||
| hashed. If the key type is `rsa-2048` or `rsa-4096`, then the algorithm used | |||
| to hash the input should be indicated by the `algorithm` parameter. | |||
|
|
|||
| - `rsa_sig_type` `(string: "pss")` – When using a RSA key, specifies the RSA | |||
|
Updated to address latest review. |
| "algorithm": &framework.FieldSchema{ | ||
| Type: framework.TypeString, | ||
| Default: "sha2-256", | ||
| Description: `Deprecated: use "hash_algorithm" instead. Hash algorithm to use (POST body parameter). Valid values are: |
There was a problem hiding this comment.
I don't think you need to duplicate the help text here; should be sufficient to just mark it deprecated and to use hash_algorithm instead, since they can see the help text there, and the behavior for both parameters is exactly the same.
| @@ -63,6 +78,12 @@ to the min_encryption_version configured on the key.`, | |||
| Type: framework.TypeBool, | |||
| Description: `Set to 'true' when the input is already hashed. If the key type is 'rsa-2048' or 'rsa-4096', then the algorithm used to hash the input should be indicated by the 'algorithm' parameter.`, | |||
| }, | |||
| "signature_algorithm": &framework.FieldSchema{ | |||
| Type: framework.TypeString, | |||
| Default: "pss", | |||
There was a problem hiding this comment.
I don't think we should have a default, it ties this strongly to RSA. Instead I'd suggest the default behavior is just dependent on the type of key and this stays a blank string.
| algorithm = d.Get("algorithm").(string) | ||
| hashAlgorithm := d.Get("urlalgorithm").(string) | ||
| if hashAlgorithm == "" { | ||
| hashAlgorithm = d.Get("algorithm").(string) |
There was a problem hiding this comment.
Flip the order of these; prefer the non-deprecated one first.
`hash_algorithm` in order support multiple rsa signature algorithms in the Tranit secret engine.
|
Thanks! |
No description provided.