in server/signedcontainer/internal/convert/convert.go [131:164]
// PemToRsaSsaPssSha256KeysetHandle converts a PEM-encoded public key into a
// Tink keyset handle containing a single RSA-SSA-PSS public key. SHA-256 is
// used for both the signature hash and MGF1, the key uses the no-prefix
// variant, and it is set as the keyset's primary key.
//
// An error is returned if unmarshalPEMToPublicKey fails, if the decoded key is
// not an *rsa.PublicKey, or if any of the Tink calls fails.
func PemToRsaSsaPssSha256KeysetHandle(pemBytes []byte) (*keyset.Handle, error) {
	decoded, err := unmarshalPEMToPublicKey(pemBytes)
	if err != nil {
		return nil, err
	}
	rsaPub, isRSA := decoded.(*rsa.PublicKey)
	if !isRSA {
		return nil, fmt.Errorf("public key is not a RSA public key: %v", decoded)
	}

	// Modulus size and public exponent are taken from the supplied key as-is;
	// this function does no strength checks of its own and relies on whatever
	// validation rsassapss.NewParameters performs.
	//
	// NOTE(review): rsa.PSSSaltLengthAuto is the constant 0 in crypto/rsa, where
	// it means "detect the salt length while verifying". Tink's SaltLengthBytes
	// appears to be a literal byte count, so this likely configures a zero-length
	// salt rather than auto-detection. Signatures made with a 32-byte salt would
	// then fail verification. Confirm against the signer and state the intended
	// length explicitly.
	values := rsassapss.ParametersValues{
		ModulusSizeBits: rsaPub.N.BitLen(),
		SigHashType:     rsassapss.SHA256,
		MGF1HashType:    rsassapss.SHA256,
		PublicExponent:  rsaPub.E,
		SaltLengthBytes: rsa.PSSSaltLengthAuto,
	}
	pssParams, err := rsassapss.NewParameters(values, rsassapss.VariantNoPrefix)
	if err != nil {
		return nil, err
	}

	// The second argument is passed as 0; presumably this is the ID requirement
	// that goes with the no-prefix variant (confirm against the Tink API).
	tinkKey, err := rsassapss.NewPublicKey(rsaPub.N.Bytes(), 0, pssParams)
	if err != nil {
		return nil, err
	}

	// Build a one-key keyset and mark that key as primary.
	mgr := keyset.NewManager()
	keyID, err := mgr.AddKey(tinkKey)
	if err != nil {
		return nil, err
	}
	if err = mgr.SetPrimary(keyID); err != nil {
		return nil, err
	}
	return mgr.Handle()
}