B.2.1. Minimal Signature Using rsa-pss-sha512

B.2.1. Minimal Signature Using rsa-pss-sha512

This example presents a minimal signature using the rsa-pss-sha512 algorithm over test-request, covering none of the components of the HTTP message but providing a timestamped signature proof of possession of the key with a signer-provided nonce.

The corresponding signature base is:

NOTE: '' line wrapping per RFC 8792

"@signature-params": ();created=1618884473;keyid="test-key-rsa-pss"
;nonce="b3k2pp5k7z-50gnwp.yemd"

This results in the following Signature-Input and Signature header fields being added to the message under the signature label sig-b21:

NOTE: '' line wrapping per RFC 8792

Signature-Input: sig-b21=();created=1618884473
;keyid="test-key-rsa-pss";nonce="b3k2pp5k7z-50gnwp.yemd" Signature: sig-b21=:d2pmTvmbncD3xQm8E9ZV2828BjQWGgiwAaw5bAkgibUopem
LJcWDy/lkbbHAve4cRAtx31Iq786U7it++wgGxbtRxf8Udx7zFZsckzXaJMkA7ChG
52eSkFxykJeNqsrWH5S+oxNFlD4dzVuwe8DhTSja8xxbR/Z2cOGdCbzR72rgFWhzx
2VjBqJzsPLMIQKhO4DGezXehhWwE56YCE+O6c0mKZsfxVrogUvA4HELjVKWmAvtl6
UnCh8jYzuVG5WSb/QEVPnP5TmcAnLH1g+s++v6d4s8m0gCw1fV5/SITLq9mhho8K3
+7EPYTU8IU1bLhdxO5Nyt8C8ssinQ98Xw9Q==:

Note that since the covered components list is empty, this signature could be applied by an attacker to an unrelated HTTP message. In this example, the nonce parameter is included to prevent the same signature from being replayed more than once, but if an attacker intercepts the signature and prevents its delivery to the verifier, the attacker could apply this signature to another message. Therefore, the use of an empty covered components set is discouraged. See Section 7.2.1 for more discussion.

Note that the RSA-PSS algorithm in use here is non-deterministic, meaning that a different signature value will be created every time the algorithm is run. The signature value provided here can be validated against the given keys, but newly generated signature values are not expected to match the example. See Section 7.3.5.