CA API Gateway: RSASSA-PKCS1-v1_5 not recommended
Article ID: 111569
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
In the GUI and documentation for the 'Encode Json Web Token' assertion, it is noted that
"CA Technologies strongly recommends using HMAC or ECDSA algorithms whenever possible. Use the RSASSA algorithms only when absolutely necessary for interoperability"
Why is RSASSA not recommended?
Environment
Release:
Component: APIESM
Component: APIESM
Resolution
Security considerations are the reason RSASSA-PKCS1-v1_5 algorithms are labelled as 'not recommended' in our GUI and documentation.
From the RFC section-3.3, "A key of size 2048 bits or larger MUST be used with these algorithms.". Since the key/key-size is also chosen by the user, we wanted to bring attention to the importance of the setting without limiting their ability to choose it.
From the RFC section-3.3, "A key of size 2048 bits or larger MUST be used with these algorithms.". Since the key/key-size is also chosen by the user, we wanted to bring attention to the importance of the setting without limiting their ability to choose it.
Additional Information
https://tools.ietf.org/html/rfc7518#section-3
https://tools.ietf.org/html/rfc7518#section-3.3
https://tools.ietf.org/html/rfc7518#section-3.3
Feedback
Yes
No
Powered by
