Last time out, I added support for RSASSA-PSS encoded signatures to the ursa Node.js module. The code I added exposes the OpenSSL implementation of RSASSA-PSS to Node.js programs. RFC 3447 recommends new applications use RSASSA-PSS instead of the older RSASSA-PKCS1-v1_5 scheme.

RFC 3447 also recommends new applications use RSAES-OAEP ciphertext encoding instead of the older RSAES-PKCS1-v1_5 scheme. ursa already exposes the OpenSSL RSAES-OAEP implementation to Node.js programs.

I've been using Tom Wu's RSA Javascript library in a non-Node.js project. Tom's library is pure Javascript (it doesn't wrap native code) and I wanted to contribute something back:

• A Javascript implementation of RSASSA-PSS signature encoding.
• A Javascript implementation of RSAES-OAEP ciphertext encoding.

RSASSA-PSS in Javascript

I'm really standing on the shoulders of giants here. The Forge project already has a PSS implementation.

The PSS algorithm relies on hash functions and so the Forge implementation necessarily relies on other bits of Forge.

The project I'm working on actually uses Tom Wu's RSA library as distributed in Kenji Urushima's excellent jsjws. jsjws implements JSON Web Signatures (JWS) in pure Javascript. JWS is a standard mechanism and format for signing JSON data. I'll write some more about jsjws in future posts.

So what I ended up doing was to add a PSS implementation to jsjws, using RFC 3447 and the Forge PSS implementation as references. The code isn't too complicated but it's best to read it alongside the spec. You'll also need to refer to the encoding section of the spec.

RSASSA-PSS encoding is now merged into jwjws mainline. In a future post I'll describe a simple signing and verification library I wrote which makes it easy to use PSS (and OAEP) for common cases on Node.js or in the browser. I'll also describe some interoperability tests I ran between OpenSSL, Node.js and browser.

RSAES-OAEP in Javascript

More giants and shoulders here! Ellis Pritchard has implemented RSAES-OAEP in Javascript and so has David Madden.

Ellis's implementation is part of webrsa and David's uses CryptoJS.

So again, I used these together with the RFC to help me add OAEP encoding to jsjws. The code has been merged into jsjws.

Next time out, I'll describe another enhancement I made to jsjws plus some libraries I derived from it.