Release v0.4.2 - RSA-PSS RFC 9421 Compliance Fix · yaronf/httpsign

What's Changed

Bug Fix: RSA-PSS Salt Length Compliance

Fixed RSA-PSS signature generation to use the correct salt length (64 bytes for SHA-512) as required by RFC 9421 Section 3.3.1. This ensures interoperability with WebCrypto, JavaScript implementations, and other RFC-compliant HTTP Message Signatures libraries.

Details:

Changed from Go's default PSSSaltLengthAuto (~190 bytes) to PSSSaltLengthEqualsHash (64 bytes)
Follows TLS 1.3 and IETF CFRG consensus on RSA-PSS parameters
Verification remains backwards compatible with old signatures (auto-detects salt length)
Added explicit tests for salt length validation and backwards compatibility

Fixes: #17

Credit: Thanks to @dickhardt for reporting this issue and providing the detailed analysis!

Full Changelog: v0.4.1...v0.4.2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.4.2 - RSA-PSS RFC 9421 Compliance Fix

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

What's Changed

Bug Fix: RSA-PSS Salt Length Compliance

Contributors

Uh oh!