As per the https://tls.mbed.org/kb/generic/rsassa-pss knowledge base article, MbedTLS supports
RSAPSS signature verification according to PKCS#1 v2.1.
I want to use RSAPSS as per PKCS #1 v2.2: RSA Cryptography Standard, RSA Laboratories, October 27,
more specifically RSAPSS with 2048bit sized key.
Is this supported in MbedTLS? If not, are there any functional differences between RSAPSS according to PKCS#1 v2.1 and PKCS#1 v2.2?
According to RFC 8017 Appendix D:
Version 2.2 updates the list of allowed hashing algorithms to
align them with FIPS 180-4 [SHS], therefore adding SHA-224,
SHA-512/224, and SHA-512/256. The following substantive changes
* Object identifiers for sha224WithRSAEncryption,
sha512-224WithRSAEncryption, and sha512-256WithRSAEncryption
* This version continues to support the schemes in version 2.1.
Mbed TLS does not support the additional hash algorithms (except sha224), so it doesn’t support PKCS #1 v2.2 per se, but if you use one of the supported hash algorithms, it should be compatible.
Mbed TLS Team member
Thanks a lot for your help and the great library.
I am required to use RSAPSS 2048 signature verification with SHA256 as the hashing algorithm. So I hope that I am good to go with the MbedTLS implementation, right?
It should be OK for you.