Skip to main content

3.3.2. RSASSA-PKCS1-v1_5 Using SHA-256

3.3.2. RSASSA-PKCS1-v1_5 Using SHA-256

To sign using this algorithm, the signer applies the RSASSA- PKCS1-V1_5-SIGN (K, M) function defined in [RFC8017] with the signer's private signing key (K) and the signature base (M) (Section 2.5). The hash SHA-256 [RFC6234] is applied to the signature base to create the digest content to which the digital signature is applied. The resulting signed content byte array (S) is the HTTP message signature output used in Section 3.1.

To verify using this algorithm, the verifier applies the RSASSA- PKCS1-V1_5-VERIFY ((n, e), M, S) function [RFC8017] using the public key portion of the verification key material (n, e) and the signature base (M) recreated as described in Section 3.2. The hash function SHA-256 [RFC6234] is applied to the signature base to create the digest content to which the verification function is applied. The verifier extracts the HTTP message signature to be verified (S) as described in Section 3.2. The results of the verification function indicate whether the signature presented is valid.

The use of this algorithm can be indicated at runtime using the rsa- v1_5-sha256 value for the alg signature parameter.

Last updated on