Skip to content

feat(xmldsig): add RSA signature verification #21

Description

@polaz

Summary

Implement roadmap task P1-019: RSA signature verification for XMLDSig using ring::signature.

Scope

  • add PKCS#1 v1.5 verification for RSA-SHA1, RSA-SHA256, RSA-SHA384, RSA-SHA512
  • accept SubjectPublicKeyInfo PEM/DER public keys from vendored fixtures
  • add regression tests for valid and invalid signatures
  • keep public API aligned with the existing XMLDSig parsing/reference pipeline

Acceptance Criteria

  • RSA verify path validates canonicalized SignedInfo bytes against SignatureValue
  • algorithms map correctly to ring verification algorithms
  • malformed/unsupported key material returns a typed error
  • tests cover success and signature mismatch cases

Estimate

1d 4h

  • research and API fit: 2h
  • implementation: 5h
  • tests and verification: 3h

Refs arch/ROADMAP.md P1-019
Refs arch/xmldsig.md
Refs .refs/features/03-xmldsig-verify.md

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions