RSA sign/verify and hash generation functions

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 9 23:00:32 CET 2010


On 12/09/2010 06:59 PM, Alessandro Vesely wrote:
> On 08/Dec/10 23:56, Murray S. Kucherawy wrote:
>>> -----Original Message-----
>>> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
>>> Sent: Wednesday, December 08, 2010 2:25 PM
>>> To: Murray S. Kucherawy
>>> Cc: help-gnutls at gnu.org
>>> Subject: Re: RSA sign/verify and hash generation functions
>>>
>>> Which signing method do you use with openssl? In gnutls we support only
>>> PKCS #1 1.5 signatures (that one required by TLS).
>>
>> Ah, maybe that's the problem.  The RSA_sign() man page from OpenSSL says:
>>
>>        RSA_sign() signs the message digest m of size m_len using the private
>>        key rsa as specified in PKCS #1 v2.0.
> 
> I'd be surprised if PKCS#1 v2.0 introduced incompatibilities with the
> previous version.  At any rate, RFC 4871 says: "

It uses RSA-OAEP and RSA-PSS which are not compatible with PKCS #1 1.5.

regards,
Nikos




More information about the Gnutls-help mailing list