Merge pull request #7 from haaspors/rsa-pss-sign

Add RSA PSS signing options
ericnorris · Jul 2, 2021 · b5bc83f · b5bc83f
2 parents 62eeac7 + 3326161
commit b5bc83f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -35,6 +35,10 @@ RSA signing algorithms:
 - RSA_SIGN_PKCS1_3072_SHA256
 - RSA_SIGN_PKCS1_4096_SHA256
 - RSA_SIGN_PKCS1_4096_SHA512
+- RSA_SIGN_PSS_2048_SHA256
+- RSA_SIGN_PSS_3072_SHA256
+- RSA_SIGN_PSS_4096_SHA256
+- RSA_SIGN_PSS_4096_SHA512
 
 
 ## Usage

diff --git a/kmssign/google.go b/kmssign/google.go
@@ -246,6 +246,16 @@ func determineSignatureAlgorithm(
 	case kmspb.CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512:
 		return x509.SHA512WithRSA, crypto.SHA512, nil
 
+	case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256:
+		fallthrough
+	case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256:
+		fallthrough
+	case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256:
+		return x509.SHA256WithRSAPSS, crypto.SHA256, nil
+
+	case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512:
+		return x509.SHA512WithRSAPSS, crypto.SHA512, nil
+
 	case kmspb.CryptoKeyVersion_EC_SIGN_P256_SHA256:
 		return x509.ECDSAWithSHA256, crypto.SHA256, nil