Project

General

Profile

Feature #2367

Android client - RSASSA-PSS

Added by Hans Muster about 1 year ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Category:
android
Target version:
Start date:
24.06.2017
Due date:
Estimated time:
Resolution:
Fixed

Description

RFC 7427 and BSI TR-02102-3 (german only):

https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html

recommend the newer RSASSA-PSS method for authentification with RSA digital signatures.

RFC 7427, chaptre 1:

In IKEv2, authentication using RSA digital signatures calls for
padding based on RSASSA-PKCS1-v1_5, although the newer RSASSA-PSS
padding method is now recommended.

It looks like StrongSwan Android App v1.8.2 don't support secure RSASSA-PSS with SHA-256 (see RFC 7427, chaptre A4.3). StrongSwan Android App v1.8.2 supports only the less secure RSASSA-PKCS1-v1.5 with SHA-256 (sha256WithRSAEncryption => see RFC 7427, chaptre A.1.2).

Could you please add (for security reasons) RSASSA-PSS support to StrongSwan Android App. Thank you.


Related issues

Related to Feature #2427: Implementing RFC 8247Closed

History

#1 Updated by Tobias Brunner about 1 year ago

  • Status changed from New to Feedback

strongSwan currently does not support RSASSA-PSS. Until it does the Android client won't support it either.

#2 Updated by Tobias Brunner about 1 year ago

#3 Updated by Hans Muster 9 months ago

StrongSwan Android App v1.9.5 works with StrongSwan v5.6.1. StrongSwan v5.6.1 should support RSASSA-PSS signatures:

https://wiki.strongswan.org/versions/67

Feature #2427

But StrongSwan Android App v1.9.5 doesn't support RSASSA-PSS signatures. Is there a secret/hidden way to activate RSASSA-PSS support in StrongSwan Android App v1.9.5. Thank you.

#4 Updated by Tobias Brunner 3 months ago

  • Category set to android
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.7.0
  • Resolution set to Fixed

Also available in: Atom PDF