Crypto.RSASignModes.PSS_SHA512 and salt length

Eric_Baumgartner · December 10, 2025, 12:51am

Happy to see support for PSS making it to release.

Is there any information available about what salt_length Xojo is using for PSS, and whether this varies for the different hash sizes?

Not knowing this effectively prohibits any kind of compatibility with signatures generated outside of Xojo: in my case, via python’s cryptography library.

It would be great to not only know the salt_length value used (so external code can verify signatures created in Xojo), but also be able to pass a known salt_length in (so Xojo can verify signatures created elsewhere that might use a different salt length than Xojo assumes).

William_Yu · December 10, 2025, 4:44pm

Yes, we use the default/standard salt length depending on the hash, i.e. 20 bytes for SHA1, 32 bytes for SHA256 and 64 bytes for SHA512.
If you would like to set a different salt length please add a feature request in Issues, thanks.

Eric_Baumgartner · December 11, 2025, 7:29am

Thanks, that’s super helpful.

New issue here: https://tracker.xojo.com/xojoinc/xojo/-/issues/80500