Title: RSA-PSS fails to verify · Issue #17 · yaronf/httpsign · GitHub
Open Graph Title: RSA-PSS fails to verify · Issue #17 · yaronf/httpsign
X Title: RSA-PSS fails to verify · Issue #17 · yaronf/httpsign
Description: From @dickhardt Turns out it's a salt length mismatch. Go's crypto/rsa defaults to PSSSaltLengthAuto, which stuffs in as much salt as the key can hold (~190 bytes for a 2048-bit key with SHA-512). On the JS side, WebCrypto wants you to s...
Open Graph Description: From @dickhardt Turns out it's a salt length mismatch. Go's crypto/rsa defaults to PSSSaltLengthAuto, which stuffs in as much salt as the key can hold (~190 bytes for a 2048-bit key with SHA-512). ...
X Description: From @dickhardt Turns out it's a salt length mismatch. Go's crypto/rsa defaults to PSSSaltLengthAuto, which stuffs in as much salt as the key can hold (~190 bytes for a 2048-bit key with SH...
Opengraph URL: https://github.com/yaronf/httpsign/issues/17
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"RSA-PSS fails to verify","articleBody":"From @dickhardt\n\nTurns out it's a salt length mismatch. Go's crypto/rsa defaults to PSSSaltLengthAuto, which stuffs in as much salt as the key can hold (~190 bytes for a 2048-bit key with SHA-512). On the JS side, WebCrypto wants you to specify saltLength explicitly, and the IETF consensus (CFRG list actually discussed this for HTTP Message Signatures specifically) is to follow TLS 1.3: salt length = hash output length, so 64 bytes for SHA-512.\n\nSo your side signs with ~190 bytes of salt, our side tries to verify expecting 64 bytes, and it blows up.\n\nIf you set rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash} in httpsign, that should fix it for any implementation following the TLS 1.3 / CFRG convention — which is basically everyone except Go's default.\n\nReferences:\n- CFRG discussion on RSA-PSS salt length for HTTP Message Signatures: https://mailarchive.ietf.org/arch/msg/cfrg/sWbRsGgrOyd1Os-9Pj902wGoc-8/\n- RFC 9421 Section 3.3.1 - HTTP Message Signatures (explicitly requires 64-byte salt): https://httpwg.org/specs/rfc9421.html#name-rsassa-pss-using-sha-512\n- Go crypto/rsa PSS docs: https://pkg.go.dev/crypto/rsa\n- WebCrypto RsaPssParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaPssParams","author":{"url":"https://github.com/yaronf","@type":"Person","name":"yaronf"},"datePublished":"2026-03-02T13:15:00.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/17/httpsign/issues/17"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:e5172503-5ac4-e234-fbf7-cc53ac342b91 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9196:2C2A02:3292DB5:4705B90:6A4F7CAB |
| html-safe-nonce | 15906f4cd5b85d559d923dd5624616f1d869593a91da3cde58f60cf5fac54217 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5MTk2OjJDMkEwMjozMjkyREI1OjQ3MDVCOTA6NkE0RjdDQUIiLCJ2aXNpdG9yX2lkIjoiNTQzMjYyNDk4MjU0MTY5NjE3MSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | f16fb4aaa359c02c82e0f940c384dc8ef999e418ee4de3373c078ac83735cc1d |
| hovercard-subject-tag | issue:4011220071 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/yaronf/httpsign/17/issue_layout |
| twitter:image | https://opengraph.githubassets.com/62488aa6f93bc71b8d2a9e7abfc8274d3ba4a8ee8a604c36f28efcae9c9b51d1/yaronf/httpsign/issues/17 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/62488aa6f93bc71b8d2a9e7abfc8274d3ba4a8ee8a604c36f28efcae9c9b51d1/yaronf/httpsign/issues/17 |
| og:image:alt | From @dickhardt Turns out it's a salt length mismatch. Go's crypto/rsa defaults to PSSSaltLengthAuto, which stuffs in as much salt as the key can hold (~190 bytes for a 2048-bit key with SHA-512). ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | yaronf |
| hostname | github.com |
| expected-hostname | github.com |
| None | b92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9 |
| turbo-cache-control | no-preview |
| go-import | github.com/yaronf/httpsign git https://github.com/yaronf/httpsign.git |
| octolytics-dimension-user_id | 1265636 |
| octolytics-dimension-user_login | yaronf |
| octolytics-dimension-repository_id | 445549248 |
| octolytics-dimension-repository_nwo | yaronf/httpsign |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 445549248 |
| octolytics-dimension-repository_network_root_nwo | yaronf/httpsign |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 4b249b445842943ed31549e027f57a8ade9881ed |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width