OpenSSL › OpenSSL - User

how to sign as per PKCS1 v2.0.

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

6 messages Options

Suram Chandra Sekhar

how to sign as per PKCS1 v2.0.

Hi all,
I want to know the sequence for signing and verifying a piece of data as
per PKCS1 v2.0 specification using signature algorithm identifier as SHA1
using openssl v 0.9.7c.
My understanding is that RSA_sign uses the PKCS1v2.1 specification.

Awaiting your valuable response..

Regards
Suram

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Dr. Stephen Henson

Re: how to sign as per PKCS1 v2.0.

On Mon, May 30, 2005, Suram Chandra Sekhar wrote:

> Hi all,
> I want to know the sequence for signing and verifying a piece of data as
> per PKCS1 v2.0 specification using signature algorithm identifier as SHA1
> using openssl v 0.9.7c.
> My understanding is that RSA_sign uses the PKCS1v2.1 specification.
>
> Awaiting your valuable response..
>

There are two signature schemes in PKCS#1 v2.1.

RSASSA-PKCS1-V1_5 is supported by RSA_sign() with details in the relevant
manual pages.

RSASSA-PSS is *not* supported by RSA_sign(). A prototype version of PSS padding
code has appeared in the last 0.9.7-stable snapshots but these are not
integrated into RSA_sign() and probably never will be in the 0.9.7 tree
because various changes to the underlying structures would be needed.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Suram Chandra Sekhar

Re: how to sign as per PKCS1 v2.0.

Hi,
Thank you very much for the reply.
I understood the schemes in PKCS#1v2.1.

But some protocols wants the signature scheme as that defined in PKCS#1v2.0 as
it has only one encoding method defined EMSA_PKCS1v1.5.

How can I do this using Openssl 0.9.7c?

Regards
Suram

At 09:35 PM 5/30/2005, Dr. Stephen Henson wrote:

>On Mon, May 30, 2005, Suram Chandra Sekhar wrote:
>
> > Hi all,
> > I want to know the sequence for signing and verifying a piece of data as
> > per PKCS1 v2.0 specification using signature algorithm identifier as SHA1
> > using openssl v 0.9.7c.
> > My understanding is that RSA_sign uses the PKCS1v2.1 specification.
> >
> > Awaiting your valuable response..
> >
>
>There are two signature schemes in PKCS#1 v2.1.
>
>RSASSA-PKCS1-V1_5 is supported by RSA_sign() with details in the relevant
>manual pages.
>
>RSASSA-PSS is *not* supported by RSA_sign(). A prototype version of PSS
>padding
>code has appeared in the last 0.9.7-stable snapshots but these are not
>integrated into RSA_sign() and probably never will be in the 0.9.7 tree
>because various changes to the underlying structures would be needed.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [hidden email]
>Automated List Manager [hidden email]

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Dr. Stephen Henson

Re: how to sign as per PKCS1 v2.0.

On Tue, May 31, 2005, Suram Chandra Sekhar wrote:

> Hi,
> Thank you very much for the reply.
> I understood the schemes in PKCS#1v2.1.
>
> But some protocols wants the signature scheme as that defined in PKCS#1v2.0
> as
> it has only one encoding method defined EMSA_PKCS1v1.5.
>
> How can I do this using Openssl 0.9.7c?
>

That's the default OpenSSL uses in all versions.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Suram Chandra Sekhar

Re: how to sign as per PKCS1 v2.0.

Hi,
Thank you very much for the reply.

I still have some confusion w.r.t to the version of the draft (PKCS#1 v2.0 and PKCS#1 v2.1 specification).

I was referring to rfc3447 (PKCS#1 v2.1) and the older draft
PKCS #1: RSA Cryptography Specifications Version 2.0.

rfc3447(PKCS#1 v2.1) section 9.2 (EMSA-PKCS1-v1_5) says in step 5 as follows...

5. Concatenate PS, the DER encoding T, and other padding to form the
encoded message EM as
EM = 0x00 || 0x01 || PS || 0x00 || T.

PKCS#1 v2.0 section 9.2.1 (EMSA_PKCS1-v1_5) says in step 5 as follows..

5. Concatenate PS, the DER encoding T, and other padding to form the
encoded message EM as: EM = 01 || PS || 00 || T

When I use RSA_PKCS1_PADDING in Openssl function RSA_private_encrypt(), it is adding the stating bytes as 00 01 as defined in
PKCS#1 v2.1.

But as per PKCS#1 v2.0 specification, it must be only 01.

The protocol requirement is to use PKCS#1v2.0.

Please clarify on this.

Regards
Suram

At 09:37 PM 5/31/2005, Dr. Stephen Henson wrote:

On Tue, May 31, 2005, Suram Chandra Sekhar wrote:

> Hi,
> Thank you very much for the reply.
> I understood the schemes in PKCS#1v2.1.
>
> But some protocols wants the signature scheme as that defined in PKCS#1v2.0
> as
> it has only one encoding method defined EMSA_PKCS1v1.5.
>
> How can I do this using Openssl 0.9.7c?
>

That's the default OpenSSL uses in all versions.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Dr. Stephen Henson

Re: how to sign as per PKCS1 v2.0.

On Wed, Jun 01, 2005, Suram Chandra Sekhar wrote:

> Hi,
> Thank you very much for the reply.
>
> I still have some confusion w.r.t to the version of the draft (PKCS#1 v2.0
> and PKCS#1 v2.1 specification).
>
> I was referring to rfc3447 (PKCS#1 v2.1) and the older draft
> PKCS #1: RSA Cryptography Specifications Version 2.0.
>
> rfc3447(PKCS#1 v2.1) section 9.2 (EMSA-PKCS1-v1_5) says in step 5 as
> follows...
>
> 5. Concatenate PS, the DER encoding T, and other padding to form the
> encoded message EM as
> EM = 0x00 || 0x01 || PS || 0x00 || T.
>
> PKCS#1 v2.0 section 9.2.1 (EMSA_PKCS1-v1_5) says in step 5 as follows..
>
> 5. Concatenate PS, the DER encoding T, and other padding to form the
> encoded message EM as: EM = 01 || PS || 00 || T
>
>
> When I use RSA_PKCS1_PADDING in Openssl function RSA_private_encrypt(), it
> is adding the stating bytes as 00 01 as defined in
> PKCS#1 v2.1.
>
> But as per PKCS#1 v2.0 specification, it must be only 01.
>
> The protocol requirement is to use PKCS#1v2.0.
>

Then the PKCS#1v2.0 is wrong. That section is supposed to describe the system
used by PKCS#1 v1.5 which includes the zero.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]