Android client - RSASSA-PSS
RFC 7427 and BSI TR-02102-3 (german only):
recommend the newer RSASSA-PSS method for authentification with RSA digital signatures.
RFC 7427, chaptre 1:
In IKEv2, authentication using RSA digital signatures calls for
padding based on RSASSA-PKCS1-v1_5, although the newer RSASSA-PSS
padding method is now recommended.
It looks like StrongSwan Android App v1.8.2 don't support secure RSASSA-PSS with SHA-256 (see RFC 7427, chaptre A4.3). StrongSwan Android App v1.8.2 supports only the less secure RSASSA-PKCS1-v1.5 with SHA-256 (sha256WithRSAEncryption => see RFC 7427, chaptre A.1.2).
Could you please add (for security reasons) RSASSA-PSS support to StrongSwan Android App. Thank you.
#3 Updated by Hans Muster 9 months ago
StrongSwan Android App v1.9.5 works with StrongSwan v5.6.1. StrongSwan v5.6.1 should support RSASSA-PSS signatures:
But StrongSwan Android App v1.9.5 doesn't support RSASSA-PSS signatures. Is there a secret/hidden way to activate RSASSA-PSS support in StrongSwan Android App v1.9.5. Thank you.