
Re: RSA Signature with IKE



At 19:57 03.09.01 +0900, MAHAPATRA,ARIJIT (A-India,ex1) wrote:
>
>1) There are 2 signature generation schemes defined in RSA PKCS#1 -
>RSASSA-PKCS1-v1.5 and
>   RSASSA-PSS and corresponding 2 separate verification schemes. Which is to
>be followed?
>

No idea, don't have that document on me right now, but see below.

>2) The private key can have 2 alternate formats: which one should one work
>with?
>

Your problem. Use whatever. PKCS#1, PKCS#8, PKCS#12 all do fine.
Maybe... (gasp) support them all!

>3) In Main Mode M5(/M6) what would it contain in SIG_I(/SIG_R) payload?
>   Only the Signature or Signature appended to message HASH_I(/HASH_R).
>   

Only the signature, please.

>> (4)
>   Therefore, RSA signatures MUST be encoded as a private
>   key encryption in PKCS #1 format and not as a signature in PKCS #1
>   format (which includes the OID of the hash algorithm)."
>

This may be the most important hint of them all.

There are several ways to sign stuff with RSA. The question is,
do you want to hash the data first or not?
If not, pad the data (20 bytes, I guess) and run the RSA algorithm
over it. If yes, hash it, put some DER encoding around it, including
the hash algorithm, pad it, and run the RSA algorithm over it.

BTW, for IKE, the answer is "NO".

For instance, in PKCS#11, there is:
 
CKM_RSA_PKCS
CKM_MD5_RSA_PKCS
CKM_SHA1_RSA_PKCS
CKM_MD2_RSA_PKCS

The first one does not hash the data or even put some DER-encoding
into the sig. Therefore, it's the one you want for IKE.
You don't want the other 3 ones. Heck, no.

I have no idea what crypto lib you're using. So you have to figure out
what to call by yourself.

>5) In the real world, how does a DUT/Security Gateway obtain Certificates from a
>Certificate Authority?
>   How can OpenSSL software be used in this respect?
>

Real world?
(1) You copy files around on floppy disks.
(2) Use (1) + cut&paste&someCAwebinterface
(3) You use SCEP
(4) You use one of them new protocols.

For starters, use OpenSSL to generate a PKCS#12 bundle and use that
directly in your GW. If that's too complicated, you can cut a PKCS#12
into pieces using OpenSSL. Maybe into a Cert and a PKCS#1 key.


Jörn
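The distinction drawn above between CKM_RSA_PKCS (pad HASH_I itself, which is what RFC 2409 calls "private key encryption in PKCS #1 format") and CKM_SHA1_RSA_PKCS (a PKCS #1 signature that first wraps the digest in a DER DigestInfo), as an added example that is not part of the original message. The RSA key is a constructed toy key built from two Mersenne primes so it runs without a crypto library, and the HASH_I value is a constructed stand-in.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes so this runs with no crypto
# library; it exists only to show the encoding difference, never use such a key.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in octets
# DER DigestInfo prefix for SHA-1; this is what CKM_SHA1_RSA_PKCS prepends.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def pkcs1_type1_pad(payload: bytes) -> bytes:
    """PKCS #1 v1.5 block type 1: 00 || 01 || FF..FF || 00 || payload."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(payload)) + b"\x00" + payload

def unpad_type1(block: bytes) -> bytes:
    """Undo block type 1 padding; raise on any structural mismatch."""
    if block[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = block.index(b"\x00", 2)         # ValueError if no separator
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    return block[sep + 1:]

def rsa_private(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def rsa_public(sig: bytes) -> bytes:
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def ike_sign(hash_i: bytes) -> bytes:
    """RFC 2409 flavour (CKM_RSA_PKCS): pad HASH_I itself, no DigestInfo."""
    return rsa_private(pkcs1_type1_pad(hash_i))

def pkcs1_v15_sign(hash_i: bytes) -> bytes:
    """Ordinary RSASSA-PKCS1-v1_5 (CKM_SHA1_RSA_PKCS): DigestInfo wraps the digest."""
    return rsa_private(pkcs1_type1_pad(SHA1_DIGESTINFO + hash_i))

def ike_verify(hash_i: bytes, sig: bytes) -> bool:
    """Peer's check on SIG_I: the recovered payload must equal HASH_I exactly."""
    try:
        return unpad_type1(rsa_public(sig)) == hash_i
    except ValueError:
        return False

# Constructed stand-in for HASH_I (really prf(SKEYID, g^xi | g^xr | ...)).
HASH_I = hashlib.sha1(b"constructed sample HASH_I input").digest()
```

Running both flavours over the same HASH_I shows why they do not interoperate: the IKE-style verifier recovers the bare 20-byte digest from ike_sign, but recovers a 35-byte DigestInfo blob from pkcs1_v15_sign and rejects it.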

