Treat RSASSA-PSS keys like rsaEncryption RSA keys
In theory we should treat any parameters and the identifier itself as
restriction to only use the key to create signatures accordingly (e.g.
only use RSA with PSS padding or even use specific hash algorithms).
But that's currently tricky as we'd have to store and pass this information
along with our private keys (i.e. use PKCS#8 to store them and change the
builder calls to pass along the identifier and parameters). That would
require quite some work.
projects / strongswan.git / commit