You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recent Italian e-passports use rsassaPss/SHA512 for Document Signing Certificate.
The signature verification fails with OpenSSL error: ERROR: code: 67625095, reason: error:0407E087:rsa routines:RSA_verify_PKCS1_PSS_mgf1:salt length recovery failed
The static method verifySignature() in OpenSSLUtils class set the digest to SHA256 based on the string "rsassapss" instead of using the correct hashing algorithm.
Sorry to report this issue, I'm sure there is/was a reason for the code above but I don't know much about digital certificate standards and formats. Currently it fails the verification for rsassaPss/SHA512 signatures. I temporarily fixed the issue in my local code by passing the hashing algorithm string from the signed attributes as an extra parameters to use only in case of a "rsassapss" to the mentioned method.
Recent Italian e-passports use rsassaPss/SHA512 for Document Signing Certificate.
The signature verification fails with OpenSSL error:
ERROR: code: 67625095, reason: error:0407E087:rsa routines:RSA_verify_PKCS1_PSS_mgf1:salt length recovery failedThe static method verifySignature() in OpenSSLUtils class set the digest to SHA256 based on the string "rsassapss" instead of using the correct hashing algorithm.
Sorry to report this issue, I'm sure there is/was a reason for the code above but I don't know much about digital certificate standards and formats. Currently it fails the verification for rsassaPss/SHA512 signatures. I temporarily fixed the issue in my local code by passing the hashing algorithm string from the signed attributes as an extra parameters to use only in case of a "rsassapss" to the mentioned method.
The text was updated successfully, but these errors were encountered: