PKCS#1 v2.1 support

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

PKCS#1 v2.1 support

Antonio Ruiz Martínez
Hello!

    I would like to know if openssl is fully compliant with PKCS#1 v2.1
or if it is planned to support it in short.
Could you help me, please?

Regards,
Antonio.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#1 v2.1 support

Dr. Stephen Henson
On Wed, Nov 09, 2005, Antonio Ruiz Martnez wrote:

> Hello!
>
>    I would like to know if openssl is fully compliant with PKCS#1 v2.1
> or if it is planned to support it in short.
> Could you help me, please?
>

Depends on what you mean by "fully compliant"...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: PKCS#1 v2.1 support

Antonio Ruiz Martínez
Dr. Stephen Henson wrote:
On Wed, Nov 09, 2005, Antonio Ruiz Martnez wrote:

  
Hello!

   I would like to know if openssl is fully compliant with PKCS#1 v2.1 
or if it is planned to support it in short.
Could you help me, please?

    

Depends on what you mean by "fully compliant"...

  
I would like to know if it supports the signature functions: RSASP1, RSAVP1, RSASSA-PSS and RSASSA-PKCS1-V1_5. I know that openssl supports rsassa-pkcs1-v1_5 but I don't know if the other ones are supported.

The question is that I have received a PKCS#1 that claims to be compliant with PKCS#1 v2.1. With the openssl, with rsautl, I'm getting an error telling me that the object is too long....
Then I have decrypted the information received and I have seen that its length it is 20 bytes, that is, a sha-1 digest. In PKCS#1 v1.5, it is not possible because we have to used the DigestInfo structure and that it is the reason because I'm getting the error with rsautl.
Then, I have been reading the PKCS#1 v2.1 standard and the funtions RSASSA-PSS and RSASSA-PKCS1-V1_5 have and encoding function but RSASP1, RSAVP1 not. After reading it I'm not sure it is possible to put directly the hash and openssl is not fully compliant or I don't understand very well the standard.

Regards,
Antonio.

Reply | Threaded
Open this post in threaded view
|

Re: PKCS#1 v2.1 support

Dr. Stephen Henson
On Wed, Nov 09, 2005, Antonio Ruiz Martnez wrote:

>
> The question is that I have received a PKCS#1 that claims to be
> compliant with PKCS#1 v2.1. With the openssl, with rsautl, I'm getting
> an error telling me that the object is too long....
> Then I have decrypted the information received and I have seen that its
> length it is 20 bytes, that is, a sha-1 digest. In PKCS#1 v1.5, it is
> not possible because we have to used the DigestInfo structure and that
> it is the reason because I'm getting the error with rsautl.
> Then, I have been reading the PKCS#1 v2.1 standard and the funtions
> RSASSA-PSS and RSASSA-PKCS1-V1_5 have and encoding function but RSASP1,
> RSAVP1 not. After reading it I'm not sure it is possible to put directly
> the hash and openssl is not fully compliant or I don't understand very
> well the standard.
>

Well there is support for PSS and OAEP from PKCS#1 v2.1 but it isn't fully
integrated into the API.

I'm assuming you've used the -verify option to rsautl and no other options to
change padding mode.

If it uses PSS and/or OAEP then you wouln't get that error instead you'd get a
padding check failure.

What I suspect you have is a non-standard PKCS#1 v1.5 which doesn't use the
expected DigestInfo but uses the raw digest instead.

If you want to confirm this you can use the -raw option and -hexdump.
If it has loads of 0XFF characters that will show its PKCS#1 v1.5.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]