You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the process of investigating the pycrypto/dome dependency on the python-rsa backend, I discovered that the PKCS8 encoding being performed for RSA private keys by the python-rsa backend is incompatible with the other backends.
Digging deeper, I found that the magic prefix[1] being added to the PKCS1 encoded private key[2] is both invalid per the PKCS8 spec[3] and incorrectly sets a static message size.
This results in the serialized keys being unreadable by any other system, and also in the python-rsa backend being unable to deserialize any keys written by a correct system.
Addressed in #120. I put it on top of backend-explicit-tests because it's much more difficult to actually isolate and test this behavior before that branch.
In the process of investigating the
pycrypto/dome
dependency on thepython-rsa
backend, I discovered that the PKCS8 encoding being performed for RSA private keys by thepython-rsa
backend is incompatible with the other backends.Digging deeper, I found that the magic prefix[1] being added to the PKCS1 encoded private key[2] is both invalid per the PKCS8 spec[3] and incorrectly sets a static message size.
This results in the serialized keys being unreadable by any other system, and also in the
python-rsa
backend being unable to deserialize any keys written by a correct system.Current magic prefix:
Full key from tests, header tweaked to have a valid length
Prefix should be:
Full key from tests
[1] https://github.com/mpdavis/python-jose/blob/master/jose/backends/rsa_backend.py#L15
[2] https://github.com/mpdavis/python-jose/blob/master/jose/backends/rsa_backend.py#L186
[3] https://tools.ietf.org/html/rfc5208#page-5
The text was updated successfully, but these errors were encountered: