API Gateway: The use of 'RSASSA-PKCS-v1_5 using SHA-256' is not recommended
Article ID: 187185
CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway
When using the Encode JSON Web Token assertion, you may see one of the following warnings:
The use of 'RSASSA-PKCS-v1_5 using SHA-256' is not recommended
The use of 'RSASSA-PKCS-v1_5 using SHA-384' is not recommended
The use of 'RSASSA-PKCS-v1_5 using SHA-512' is not recommended
Release : 9.4
Component : API GATEWAY
While the algorithm should not be used for encryption, it can still be used for signatures in JWS.
Security considerations are the reason the RSASSA-PKCS1-v1_5 algorithms are labeled 'not recommended' in our GUI. Section 3.3 of the RFC states: "A key of size 2048 bits or larger MUST be used with these algorithms." Because the key and key size are also chosen by the user, we wanted to draw attention to the importance of this setting without limiting their ability to choose it.
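As an added illustration (not Broadcom's or the gateway's own code), the key-size requirement quoted above can be checked before a key is used with RS256, RS384 or RS512. The function names and sample JWKs are assumptions constructed for this example; the sample moduli are filler bytes, not real keys.

```python
import base64

# JWS "alg" values behind the three warnings (RSASSA-PKCS1-v1_5 with SHA-256/384/512).
RS_ALGS = {"RS256", "RS384", "RS512"}
MIN_RSA_BITS = 2048  # minimum stated in the RFC text quoted above


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url as used in JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def rsa_modulus_bits(jwk: dict) -> int:
    """Return the bit length of the RSA modulus 'n' in a JWK."""
    if jwk.get("kty") != "RSA" or "n" not in jwk:
        raise ValueError("not an RSA JWK")
    # Leading zero bytes do not count toward the bit length.
    return int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()


def check_signing_key(alg: str, jwk: dict):
    """Return (ok, message) for using this JWK with an RS* signature alg."""
    if alg not in RS_ALGS:
        raise ValueError(f"{alg} is not covered by this check")
    bits = rsa_modulus_bits(jwk)
    if bits < MIN_RSA_BITS:
        return False, f"{alg}: {bits}-bit key rejected, need >= {MIN_RSA_BITS}"
    return True, f"{alg}: {bits}-bit key accepted"


def make_sample_jwk(n_bytes: bytes) -> dict:
    """Build a constructed JWK; the modulus is filler bytes, not a real key."""
    n = base64.urlsafe_b64encode(n_bytes).rstrip(b"=").decode()
    return {"kty": "RSA", "e": "AQAB", "n": n}


# Constructed samples: only the modulus length matters for this check.
SAMPLES = {
    "weak-1024": make_sample_jwk(b"\xc3" + b"\x5a" * 127),
    "ok-2048": make_sample_jwk(b"\xc3" + b"\x5a" * 255),
    # 256 bytes on the wire, but zero padding hides a 1024-bit modulus.
    "padded-1024": make_sample_jwk(b"\x00" * 128 + b"\xc3" + b"\x5a" * 127),
}

if __name__ == "__main__":
    for name, jwk in SAMPLES.items():
        print(name, check_signing_key("RS256", jwk))
```

The "padded-1024" sample shows why the check measures the modulus value and not the byte length of the encoded "n" member.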