introduce support for certificate files in rsa/hs confusion#11
Open
borisbsv wants to merge 1 commit intoticarpi:masterfrom
Open
introduce support for certificate files in rsa/hs confusion#11borisbsv wants to merge 1 commit intoticarpi:masterfrom
borisbsv wants to merge 1 commit intoticarpi:masterfrom
Conversation
Reworked the way public key files are ingested for the rsa/hs confusion attack, so that passing a .509 certificate works as well. This was done in order to equalise the behaviour with option "8: Verify RSA sifnature against a Public Key", which accepts certificate .pem files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
After being frustrated for embarassingly long, I figured out that the JWT algorithm replacement attack only accepts actual public keys, not certs. I hope to spare someone else the headbanging.
Reworked the way public key files are ingested for the rsa/hs confusion
attack, so that passing a .509 certificate works as well.
This was done in order to equalise the behaviour with option "8: Verify
RSA sifnature against a Public Key", which accepts certificate .pem
files.
This changelist does not change the current behaviour of the tool - passing in a public key file still works as expected.