
Re: RSA Signature with IKE



It will be less confusing if the poster retrieves the PKCS#1 ver. 1.5
document. He is probably looking at the PKCS#1 ver. 2+ document which is
almost unreadable.

======================
Greg Stark
ghstark@pobox.com
======================

----- Original Message -----
From: "Joern Sierwald" <joern.sierwald@F-Secure.com>
To: <ipsec@lists.tislabs.com>
Sent: Tuesday, September 04, 2001 11:47 AM
Subject: Re: RSA Signature with IKE


> At 19:57 03.09.01 +0900, MAHAPATRA,ARIJIT (A-India,ex1) wrote:
> >
> >1) There are 2 signature generation schemes defined in RSA PKCS#1 -
> >RSASSA-PKCS1-v1.5 and
> >   RSASSA-PSS and corresponding 2 separate verification schemes. Which is to
> >be followed?
> >
>
> No idea, don't have that document on me right now, but see below.
>
> >2) The private key can have 2 alternate formats: which one should work
> >with?
> >
>
> Your problem. Use whatever. PKCS#1, PKCS#8, PKCS#12 all do fine.
> Maybe... (gasp) support them all!
>
> >3) In Main Mode M5(/M6) what would it contain in SIG_I(/SIG_R)payload ?
> >   Only the Signature or Signature appended to message HASH_I(/HASH_R).
> >
>
> Only the signature, please.
>
> >> (4)
> >   Therefore, RSA signatures MUST be encoded as a private
> >   key encryption in PKCS #1 format and not as a signature in PKCS #1
> >   format (which includes the OID of the hash algorithm)."
> >
>
> This may be the most important hint of them all.
>
> There are several ways to sign stuff with RSA. The question is,
> do you want to hash the data first or not?
> If not, Pad the data (20 bytes, I guess) and run the RSA algorithm
> over it. If yes, hash it, put some DER encoding around it, including
> the hash algorithm, pad it, and run the RSA algorithm over it.
>
> BTW, for IKE, the answer is "NO".
>
> For instance, in PKCS#11, there is:
>
> CKM_RSA_PKCS
> CKM_MD5_RSA_PKCS
> CKM_SHA1_RSA_PKCS
> CKM_MD2_RSA_PKCS
>
> The first one does not hash the data or even put some DER-encoding
> into the sig. Therefore, it's the one you want for IKE.
> You don't want the other 3 ones. Heck, no.
>
> I have no idea what crypto lib you're using. So you have to figure out
> what to call by yourself.
>
> >5) In real-world how a DUT/Security Gateway obtains Certificates from a
> >Certificate Authority?
> >   How OpenSSL software can be used in this respect?
> >
>
> Real world?
> (1) You copy files around on floppy disks.
> (2) Use (1) + cut&paste&someCAwebinterface
> (3) You use SCEP
> (4) You use one of them new protocols.
>
> For starters, use OpenSSL to generate a PKCS#12 bundle and use that
> directly in your GW. If that's too complicated, you can cut a PKCS#12
> into pieces using OpenSSL. Maybe into a Cert and a PKCS#1 key.
>
>
> Jörn
>
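The distinction Jörn draws above, between a plain PKCS#1 private-key operation on HASH_I (the CKM_RSA_PKCS style) and a hash-and-sign mechanism that embeds a DigestInfo with the hash OID (the CKM_SHA1_RSA_PKCS style), shown as an added example that is not part of this thread. Everything in it is mine: the toy RSA key is generated at runtime, HASH_I is a constructed 20-byte value, and the function names are hypothetical; it only demonstrates why a verifier written for one encoding rejects the other.

```python
# Added example, not code from the thread: RFC 2409's "private key encryption in
# PKCS #1 format" of HASH_I (cf. CKM_RSA_PKCS) versus RSASSA-PKCS1-v1_5, which puts
# a DigestInfo with the hash OID inside the padding (cf. CKM_SHA1_RSA_PKCS). Toy key.
import hashlib, hmac, secrets

# DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1)
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for a demonstration key."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(cand):
            return cand

def generate_toy_rsa_key(bits=512):
    """Return (n, e, d). 512 bits is far too small for real use; chosen for speed."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi)

def _octets(n):
    return (n.bit_length() + 7) // 8

def emsa_pkcs1_v1_5_type1(payload, k):
    """Block type 01 padding: 00 01 FF..FF 00 || payload (RFC 8017, section 9.2)."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for the modulus")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload

def _private_op(priv, em):
    n, _, d = priv
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(_octets(n), "big")

def recover_block(pub, sig):
    """Public-key operation: returns the padded block the signer encrypted."""
    n, e = pub
    if len(sig) != _octets(n):
        raise ValueError("signature length does not match the modulus")
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(_octets(n), "big")

def sign_ike_raw(priv, hash_i):
    """What IKE wants: pad HASH_I itself; no further hashing, no DigestInfo."""
    return _private_op(priv, emsa_pkcs1_v1_5_type1(hash_i, _octets(priv[0])))

def sign_rsassa_pkcs1_v1_5_sha1(priv, data):
    """The hash-and-sign mechanism: sha1(data) inside a DigestInfo, then padded."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest()
    return _private_op(priv, emsa_pkcs1_v1_5_type1(t, _octets(priv[0])))

def _verify_block(pub, payload, sig):
    """Rebuild the expected block and compare it whole; never parse the padding."""
    try:
        expected = emsa_pkcs1_v1_5_type1(payload, _octets(pub[0]))
        return hmac.compare_digest(recover_block(pub, sig), expected)
    except ValueError:
        return False

def verify_ike_raw(pub, hash_i, sig):
    return _verify_block(pub, hash_i, sig)

def verify_rsassa_pkcs1_v1_5_sha1(pub, data, sig):
    return _verify_block(pub, SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest(), sig)

def demo():
    """Constructed HASH_I; shows that the two mechanisms are not interchangeable."""
    priv = generate_toy_rsa_key()
    pub = priv[:2]
    hash_i = hashlib.sha1(b"constructed stand-in for HASH_I").digest()  # 20 bytes
    raw_sig = sign_ike_raw(priv, hash_i)
    wrapped_sig = sign_rsassa_pkcs1_v1_5_sha1(priv, hash_i)  # the wrong call for IKE
    return {
        "raw_accepted_by_ike_verifier": verify_ike_raw(pub, hash_i, raw_sig),
        "wrapped_accepted_by_ike_verifier": verify_ike_raw(pub, hash_i, wrapped_sig),
        "wrapped_accepted_by_rsassa_verifier": verify_rsassa_pkcs1_v1_5_sha1(pub, hash_i, wrapped_sig),
        "raw_block_carries_hash_oid": SHA1_DIGESTINFO_PREFIX in recover_block(pub, raw_sig),
        "wrapped_block_carries_hash_oid": SHA1_DIGESTINFO_PREFIX in recover_block(pub, wrapped_sig),
    }
```

Calling demo() returns a dictionary of booleans: the raw signature verifies under the IKE-style check and its recovered block is nothing but padding plus HASH_I, while the hash-and-sign output verifies only under the RSASSA-PKCS1-v1_5 check and its recovered block carries the SHA-1 DigestInfo. The verifier rebuilds the full expected block and compares it in constant time instead of parsing the padding, which is the safer way to check a PKCS#1 v1.5 block on the receiving side.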