Clarification on Allowed Signature Algorithms: RSASSA-PSS vs. RSASSA-PKCS-v1_5

In the C2PA Specifications version 2.1, there seems to be a discrepancy regarding the allowed signature algorithms:

In **[section 13.2.1.](https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_signature_algorithms)**, the listed signature algorithms include only RSASSA-PSS for RSA-based signatures.
However, in **[section 14.5.1.1.](https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_general_requirements)**, the examples refer to `sha256WithRSAEncryption `and similar signatures, which are defined in RFC 8017, Appendix [A.2.4](https://datatracker.ietf.org/doc/html/rfc8017#appendix-A.2.4) describing **RSASSA-PKCS-v1_5**.
This raises the question:
Is **RSASSA-PKCS-v1_5** also allowed alongside RSASSA-PSS, or should it be considered deprecated/unsupported?

Could you please clarify the intended scope of allowed RSA signature algorithms in the specifications?

Thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Clarification on Allowed Signature Algorithms: RSASSA-PSS vs. RSASSA-PKCS-v1_5 #82

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Clarification on Allowed Signature Algorithms: RSASSA-PSS vs. RSASSA-PKCS-v1_5 #82

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions