Hi all,
I want to know the sequence for signing and verifying a piece of data as per PKCS1 v2.0 specification using signature algorithm identifier as SHA1 using openssl v 0.9.7c. My understanding is that RSA_sign uses the PKCS1v2.1 specification. Awaiting your valuable response.. Regards Suram ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
On Mon, May 30, 2005, Suram Chandra Sekhar wrote:
> Hi all, > I want to know the sequence for signing and verifying a piece of data as > per PKCS1 v2.0 specification using signature algorithm identifier as SHA1 > using openssl v 0.9.7c. > My understanding is that RSA_sign uses the PKCS1v2.1 specification. > > Awaiting your valuable response.. > There are two signature schemes in PKCS#1 v2.1. RSASSA-PKCS1-V1_5 is supported by RSA_sign() with details in the relevant manual pages. RSASSA-PSS is *not* supported by RSA_sign(). A prototype version of PSS padding code has appeared in the last 0.9.7-stable snapshots but these are not integrated into RSA_sign() and probably never will be in the 0.9.7 tree because various changes to the underlying structures would be needed. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Hi,
Thank you very much for the reply. I understood the schemes in PKCS#1v2.1. But some protocols wants the signature scheme as that defined in PKCS#1v2.0 as it has only one encoding method defined EMSA_PKCS1v1.5. How can I do this using Openssl 0.9.7c? Regards Suram At 09:35 PM 5/30/2005, Dr. Stephen Henson wrote: >On Mon, May 30, 2005, Suram Chandra Sekhar wrote: > > > Hi all, > > I want to know the sequence for signing and verifying a piece of data as > > per PKCS1 v2.0 specification using signature algorithm identifier as SHA1 > > using openssl v 0.9.7c. > > My understanding is that RSA_sign uses the PKCS1v2.1 specification. > > > > Awaiting your valuable response.. > > > >There are two signature schemes in PKCS#1 v2.1. > >RSASSA-PKCS1-V1_5 is supported by RSA_sign() with details in the relevant >manual pages. > >RSASSA-PSS is *not* supported by RSA_sign(). A prototype version of PSS >padding >code has appeared in the last 0.9.7-stable snapshots but these are not >integrated into RSA_sign() and probably never will be in the 0.9.7 tree >because various changes to the underlying structures would be needed. > >Steve. >-- >Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >OpenSSL project core developer and freelance consultant. >Funding needed! Details on homepage. >Homepage: http://www.drh-consultancy.demon.co.uk >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [hidden email] >Automated List Manager [hidden email] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
On Tue, May 31, 2005, Suram Chandra Sekhar wrote:
> Hi, > Thank you very much for the reply. > I understood the schemes in PKCS#1v2.1. > > But some protocols wants the signature scheme as that defined in PKCS#1v2.0 > as > it has only one encoding method defined EMSA_PKCS1v1.5. > > How can I do this using Openssl 0.9.7c? > That's the default OpenSSL uses in all versions. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Hi,
Thank you very much for the reply. I still have some confusion w.r.t to the version of the draft (PKCS#1 v2.0 and PKCS#1 v2.1 specification). I was referring to rfc3447 (PKCS#1 v2.1) and the older draft PKCS #1: RSA Cryptography Specifications Version 2.0. rfc3447(PKCS#1 v2.1) section 9.2 (EMSA-PKCS1-v1_5) says in step 5 as follows... 5. Concatenate PS, the DER encoding T, and other padding to form the encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || T. PKCS#1 v2.0 section 9.2.1 (EMSA_PKCS1-v1_5) says in step 5 as follows.. 5. Concatenate PS, the DER encoding T, and other padding to form the encoded message EM as: EM = 01 || PS || 00 || T When I use RSA_PKCS1_PADDING in Openssl function RSA_private_encrypt(), it is adding the stating bytes as 00 01 as defined in PKCS#1 v2.1. But as per PKCS#1 v2.0 specification, it must be only 01. The protocol requirement is to use PKCS#1v2.0. Please clarify on this. Regards Suram At 09:37 PM 5/31/2005, Dr. Stephen Henson wrote: On Tue, May 31, 2005, Suram Chandra Sekhar wrote: |
On Wed, Jun 01, 2005, Suram Chandra Sekhar wrote:
> Hi, > Thank you very much for the reply. > > I still have some confusion w.r.t to the version of the draft (PKCS#1 v2.0 > and PKCS#1 v2.1 specification). > > I was referring to rfc3447 (PKCS#1 v2.1) and the older draft > PKCS #1: RSA Cryptography Specifications Version 2.0. > > rfc3447(PKCS#1 v2.1) section 9.2 (EMSA-PKCS1-v1_5) says in step 5 as > follows... > > 5. Concatenate PS, the DER encoding T, and other padding to form the > encoded message EM as > EM = 0x00 || 0x01 || PS || 0x00 || T. > > PKCS#1 v2.0 section 9.2.1 (EMSA_PKCS1-v1_5) says in step 5 as follows.. > > 5. Concatenate PS, the DER encoding T, and other padding to form the > encoded message EM as: EM = 01 || PS || 00 || T > > > When I use RSA_PKCS1_PADDING in Openssl function RSA_private_encrypt(), it > is adding the stating bytes as 00 01 as defined in > PKCS#1 v2.1. > > But as per PKCS#1 v2.0 specification, it must be only 01. > > The protocol requirement is to use PKCS#1v2.0. > Then the PKCS#1v2.0 is wrong. That section is supposed to describe the system used by PKCS#1 v1.5 which includes the zero. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Free forum by Nabble | Edit this page |