VerifyingKey from PublicKey PEM fails

[justindthomas]

This may totally be ignorance on my part, but I cannot figure out how to verify a pkcs1v15 signature using a PublicKey that has been instantiated from a PEM string.

Verification starting with this sequence works fine.

let private_key = RsaPrivateKey::from_pkcs8_pem(&private_key_pem).unwrap();
let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key.clone());

let verifying_key: VerifyingKey<_> = (&signing_key).into();

Starting with this sequence fails.

let private_key = RsaPrivateKey::from_pkcs8_pem(&private_key_pem).unwrap();
let public_key = RsaPublicKey::from(&private_key);

let verifying_key: VerifyingKey<Sha256> = public_key.into();

Note that I've simplified the above to remove the PEM conversion because I found that even just going straight to the RsaPublicKey from the RsaPrivateKey directly also fails and I figured I'd just eliminate the possibility that my PEM file was corrupt in some way. I also tried using VerifyingKey::from(public_key). That also fails.

What am I doing wrong?

[tarcieri]

Offhand your problem seems unrelated to PEM.

I think the issue is you're doing SigningKey::new_with_prefix but not also doing VerifyingKey::new_with_prefix.

This will cause a mismatch between the digest used for signing and the one used for verification.

FWIW we understand these APIs are somewhat confusing and have #238 open as a tracking issue for improvements, ideally getting rid of the new vs new_with_prefix distinction and making the selection automatic.

[justindthomas]

Oh wow, that solved all my problems. Thanks! I saw those threads, but I think I didn't look at anything that started with new because I was stuck on figuring out how to convert from either the SigningKey or the PublicKey (per the example documentation). So into and from seemed natural, but new not so much.

Thanks again!