help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA sign/verify and hash generation functions

From: Alessandro Vesely
Subject: Re: RSA sign/verify and hash generation functions
Date: Thu, 09 Dec 2010 18:59:09 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6 
On 08/Dec/10 23:56, Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: Nikos Mavrogiannopoulos [mailto:address@hidden On Behalf Of Nikos 
>> Mavrogiannopoulos
>> Sent: Wednesday, December 08, 2010 2:25 PM
>> To: Murray S. Kucherawy
>> Cc: address@hidden
>> Subject: Re: RSA sign/verify and hash generation functions
>> 
>> Which signing method do you use with openssl? In gnutls we support only
>> PKCS #1 1.5 signatures (that one required by TLS).
> 
> Ah, maybe that's the problem.  The RSA_sign() man page from OpenSSL says:
> 
>        RSA_sign() signs the message digest m of size m_len using the private
>        key rsa as specified in PKCS #1 v2.0.

I'd be surprised if PKCS#1 v2.0 introduced incompatibilities with the
previous version.  At any rate, RFC 4871 says: "

3.3.1. The rsa-sha1 Signing Algorithm


   The rsa-sha1 Signing Algorithm computes a message hash as described
   in Section 3.7 below using SHA-1 [FIPS.180-2.2002] as the hash-alg.
   That hash is then signed by the signer using the RSA algorithm
   (defined in PKCS#1 version 1.5 [RFC3447]) as the crypt-alg and the
   signer's private key. [...]"
reply via email to
[Prev in Thread] Current Thread [Next in Thread]