RSA // OAEP // SHA-1

Michel Messerschmidt lists at michel-messerschmidt.de
Wed Jan 30 20:40:25 CET 2013


On Tue, Jan 29, 2013 at 06:36:25PM -0600, John Clizbe wrote:
> vedaal at nym.hush.com wrote:
> > if so, would this fall under the open-pgp RFC, or would it have to go through an
> > RSA standard first?
> 
> RFC 4880 makes no mention of OAEP. RFC 4880 references RFC 3447 for details of
> RSA implementation.
> 
> So, from what I can tell, RSA standard first, then OpenPGP by incorporating
> the new RSA standard. THEN, Gnupg.

Although it is the default, RFC 3447 is not restricted to SHA-1.
Appendix B actually states:
"For the RSAES-OAEP encryption scheme and EMSA-PSS encoding method, 
only SHA-1 and SHA-256/384/512 are recommended."



