Add PS256 and EC signing algorithm options to the Encryptor Sign module | Community
Skip to main content
C
cverges
Level 5
October 17, 2024
New

Add PS256 and EC signing algorithm options to the Encryptor Sign module

  • October 17, 2024
  • 1 reply
  • 484 views

Description

The Sign module in Fusion currently only supports RS1 and RS256 as signing algorithms.  Many applications are deprecating these in favor of PS256 (RSA PSS variant) or EC (elliptic curve).

 

Why is this feature important to you

NetSuite recently announced that RSA PSS is now the minimum required and RS256 is no longer allowed.  https://community.oracle.com/netsuite/english/discussion/4490520/end-of-support-for-rsa-pkcsv1-5-scheme-for-oauth-2-0.  As such, our Fusion-to-NetSuite integrations using OAuth 2.0 is now deprecated.

 

How would you like the feature to work

Add the additional signing option(s) to the Encryptor modules.  PS256 would be minimum, but PS256 and ES256 and EdDSA would be ideal for future proofing since RSA as a whole is generally less preferred than EC.

 

Current Behaviour

Only RS1 and RS256 are given as options.

    1 reply

    C
    cvergesAuthor
    Level 5
    October 17, 2024

    For those needing this for JWT-related reasons, there is a new JWT module (currently in beta as of this writing) which does have more support for these.  But since it's JWT-specific, it may not give you the type of flexibility needed for your use case.  So this basic ask around the Encryptor still holds.

    Terms & ConditionsAccessibility statement

    Loading footer...