Unsupported key type using rsa-pss

[jonasf21]

Version(s) affected

3.3.4

Description

A key created with openssl using rsa-pss and 4096 bits with sigopt rsa_pss_saltlen:32 seems to be unsupported while PS256 and HS256 is stated as supported. Loading the key results in:
PHP Fatal error: Uncaught InvalidArgumentException: Unsupported key type in vendor/web-token/jwt-framework/src/Library/KeyManagement/KeyConverter/KeyConverter.php:254

How to reproduce

Create a private key like this:

openssl req -newkey rsa-pss -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -keyout key.pem -out cert.pem

Use the key within the framework:

$key = JWKFactory::createFromKeyFile(
'/key.pem', // The filename
null, // Secret if the key is encrypted, otherwise null
// [
// 'use' => 'sig', // Additional parameters
// ]
);

Possible Solution

No response

Additional Context

No response

[Spomky]

Hello @jonasf21,

Many thanks for this bug report.
The problem comes from a sub package that does not support this type of keys.
When Spomky-Labs/pki-framework#49 is fixed, I will be able to verify an fix this issue as well.

Regards

[jonasf21]

Hello @Spomky

thanks for confirmation. Do you have any ETA on a fix or workaround? Or is this a rather complex to fix?

[Spomky]

Hi @jonasf21,

Can you test with the branch bugs/unsupported-rsassa-pss-keys and tell me if it fixes your issue?

[jonasf21]

Thanks, its works now. Sorry for the late reply!

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.