diff options
| author | Marti Raudsepp <marti@juffo.org> | 2018-06-30 02:27:28 +0300 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-06-29 16:27:28 -0700 |
| commit | 3367806cd464fac96abd1b8416700ad174e8b64d (patch) | |
| tree | 914a214ce9072c46db1f911926a8785fc60530ff /docs/x509 | |
| parent | 682014558f3521a942cdce3932837659ce24df34 (diff) | |
| download | cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.tar.gz cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.tar.bz2 cryptography-3367806cd464fac96abd1b8416700ad174e8b64d.zip | |
Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294)
In 2005, IETF devised a more secure padding scheme to replace PKCS #1
v1.5. To make sure that nobody can easily support or use it, they
mandated lots of complicated parameters in the certificate, unlike any
other X.509 signature scheme.
https://tools.ietf.org/html/rfc4055
`_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be
supported as-is, because the hash algorithm is defined in the signature
algorithm parameters, not by the OID itself.
Diffstat (limited to 'docs/x509')
| -rw-r--r-- | docs/x509/reference.rst | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 7a41e1f3..3fc6507e 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -2569,6 +2569,15 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is a SHA512 digest signed by an RSA key. + .. attribute:: RSASSA_PSS + + .. versionadded:: 2.3 + + Corresponds to the dotted string ``"1.2.840.113549.1.1.10"``. This is + signed by an RSA key using the Probabilistic Signature Scheme (PSS) + padding from RFC 4055. The hash function and padding are defined by + signature algorithm parameters. + .. attribute:: ECDSA_WITH_SHA1 Corresponds to the dotted string ``"1.2.840.10045.4.1"``. This is a SHA1 |