[PATCH] Add a simple PKCS#1 padding mode

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Mon Dec 16 19:17:26 CET 2013


Hello,

On Mon, Dec 16, 2013 at 9:05 PM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 16 Dec 2013 17:40, dbaryshkov at gmail.com said:
>
>> Allow user to specify (flags pkcs1) to enable pkcs1 padding of raw value
>> (no hash algorithm is specified). It is up to the user to verify that
>> passed value is properly formatted and includes DER-encoded ASN OID of
>> the hash function.
>
> Please explain this too.  Why shall we add a crippled pkcs#1 mode?  Is
> this for the SHA1+MD5 hash of TLS?  If so, we should add a special
> hash-algo string.

No, this is purely for users to verify the hash algorithm OID on their own.
Basically that is the way GnuTLS expects sign/verify to work
(ATM). This can be changed, with cooperation from GnuTLS, but for
now I wanted to be as non-intrusive as possible.

-- 
With best wishes
Dmitry
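
Added example (not part of the original message, and not libgcrypt or GnuTLS code): a caller-side check of the kind the patch description leaves to the user, accepting a raw value only if it is exactly a DER DigestInfo prefix plus a digest of the matching length for the one hash the caller allows. The names `di_identify`, `di_is_allowed` and `di_sample_sha256` are hypothetical, the two-hash table is an assumption, and the sample digest bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo prefixes as listed in RFC 8017, section 9.2. */
static const unsigned char SHA1_PREFIX[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const unsigned char SHA256_PREFIX[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

struct di_alg { const char *name; const unsigned char *prefix;
                size_t prefix_len, digest_len; };
static const struct di_alg DI_ALGS[] = {
    { "sha1",   SHA1_PREFIX,   sizeof SHA1_PREFIX,   20 },
    { "sha256", SHA256_PREFIX, sizeof SHA256_PREFIX, 32 },
};

/* Hypothetical helper: hash name if buf is exactly prefix||digest, else NULL.
   The exact-length test rejects truncated values and trailing bytes. */
const char *di_identify(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < sizeof DI_ALGS / sizeof DI_ALGS[0]; i++) {
        const struct di_alg *a = &DI_ALGS[i];
        if (len == a->prefix_len + a->digest_len
            && memcmp(buf, a->prefix, a->prefix_len) == 0)
            return a->name;
    }
    return NULL;
}

/* Hypothetical helper: accept only the single hash the caller's policy allows. */
int di_is_allowed(const unsigned char *buf, size_t len, const char *allowed)
{
    const char *name = di_identify(buf, len);
    return name != NULL && strcmp(name, allowed) == 0;
}

/* Constructed sample: SHA-256 prefix followed by 32 placeholder bytes. */
size_t di_sample_sha256(unsigned char *out)
{
    memcpy(out, SHA256_PREFIX, sizeof SHA256_PREFIX);
    memset(out + sizeof SHA256_PREFIX, 0xAB, 32);
    return sizeof SHA256_PREFIX + 32;
}

int main(void)
{
    unsigned char v[51];
    return di_is_allowed(v, di_sample_sha256(v), "sha256") ? 0 : 1;
}
```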