Re: [webauthn] RS256 test vector has seemingly incorrect key size of 3482 bits (#2333) from Emil Lundberg via GitHub on 2025-09-26 (public-webauthn@w3.org from September 2025)

From: Emil Lundberg via GitHub <noreply@w3.org>
Date: Fri, 26 Sep 2025 11:23:14 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3338215409-1758885792-noreply@w3.org>

> assumption an RS256 modulus would be 256 bytes

Ah, I see. I too initially read "ES256" as "ES-256" for something like "ECDSA Signature on P-256", so it is tempting to read "RS256" as "RS-256" for something like "RSA-256bytes". But that's not quite how the name is constructed. Rather, one should think of it as "R-S256":

Name | Hash | Description
-- | -- | --
RS256 | SHA-256 | RSASSA-PKCS1-v1_5 using SHA-256
RS384 | SHA-384 | RSASSA-PKCS1-v1_5 using SHA-384
RS512 | SHA-512 | RSASSA-PKCS1-v1_5 using SHA-512
RS1 | SHA-1 | RSASSA-PKCS1-v1_5 using SHA-1
ES256 | SHA-256 | ECDSA w/ SHA-256 (and [on curve P-256 within WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-alg-identifier), but any curve in general)
ES384 | SHA-384 | ECDSA w/ SHA-384 (and [on curve P-384 within WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-alg-identifier), but any curve in general)
ES512 | SHA-512 | ECDSA w/ SHA-512 (and [on curve P-521 within WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-alg-identifier), but any curve in general)

(Note in particular how it's `ES512`, not `ES521` as it would be if the number referred to the curve P-521.)

And yes, it is good practice to match the security levels of key sizes and hashes, but these COSE identifiers do not strictly require that (except the ECDSA ones do [within WebAuthn](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-alg-identifier)...).

See also [Fully-Specified Algorithms for JOSE and COSE](https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-13.html) which specifies EC identifiers that do restrict the key size (curve) even outside WebAuthn, but note that those are [not recommended for use in WebAuthn](https://github.com/w3c/webauthn/pull/2283).

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2333#issuecomment-3338215409 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 26 September 2025 11:23:15 UTC