RSA PKCS#1 signing: differs from OpenSSL's?
Dean Scarff
dos at scarff.id.au
Wed Dec 5 09:07:13 CET 2007
libgcrypt 1.2.2's gcry_pk_sign appears to fail an equivalence test
with OpenSSL 0.9.6m's RSA_sign(3).
This is based on the output of
<http://scarff.id.au/file/gcrypt_vs_openssl.c>, which runs without
aborting and demonstrates that the signatures produced are different.
Is this correct libgcrypt behaviour? I'd have filed a bug but I'm
unsure if I've just misinterpreted the API.
My understanding is that both routines should be doing the same thing:
adding PKCS#1 block 1 padding including the ASN1DER for MD5, then
using the secret key operation to sign the result. They should
therefore have equivalent output. I'm also confident that RSA_sign(3)
is correct.
--
Dean
More information about the Gcrypt-devel
mailing list