[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RSA Signature with IKE

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: RSA Signature with IKE
From: "MAHAPATRA,ARIJIT (A-India,ex1)" <arijit_mahapatra@agilent.com>
Date: Mon, 3 Sep 2001 19:57:07 +0900
Sender: owner-ipsec@lists.tislabs.com

Hi,
I have few questions regarding RSA signatures when used as the
authenticatation method for IKE.

1) There are 2 signature generation schemes defined in RSA PKCS#1 -
RSASSA-PKCS1-v1.5 and
   RSASSA-PSS and corresponding 2 separate verification schemes. Which is to
be followed?

2) The private key can have 2 alternate formats: which one one should work
with?

3) In Main Mode M5(/M6) what would it contain in SIG_I(/SIG_R)payload ? 
   Only the Signature or Signature apppended to message HASH_I(/HASH_R).
   
4) What is meant by the following snippet from RFC 2409 ? 
   "Since the hash algorithm used is already known there is no need to
   encode its OID into the signature. In addition, there is no binding
   between the OIDs used for RSA signatures in PKCS #1 and those used in
   this document. Therefore, RSA signatures MUST be encoded as a private
   key encryption in PKCS #1 format and not as a signature in PKCS #1
   format (which includes the OID of the hash algorithm)."

5) In real-world how a DUT/Security Gateway obtains Certificates from a
Certificate Authority?
   How OpenSSL sofware can be used in this respect?

Any help in form of suggesttion/feedback/link is highly appreciated.

Thanks in advance! 
--Regards,
  Arijit.

Follow-Ups:

Re: RSA Signature with IKE

From: Joern Sierwald <joern.sierwald@F-Secure.com>

Prev by Date: Exporting symbols into linux kernel?
Next by Date: network partitions and DPD
Prev by thread: Exporting symbols into linux kernel?
Next by thread: Re: RSA Signature with IKE
Index(es):
- Main
- Thread