Re: rsa public keys
On Mon, 4 Aug 1997, Carl Ellison wrote:
> >- we have dropped the hash algorithm name (why was it there?)
>
> It was there because a public signature key algorithm isn't just the PK
> algorithm but everything you need to verify the signature. This includes
> the hash algorithm, the packing/padding (pkcs1, in this case) and any
> formatting of the output (none, in this case). [That list of 4 things,
> c/o Burt Kaliski, relayed by Ron Rivest, a while ago.]

A "rsa-pkcs1-md5" and "rsa-pkcs1-sha1" would look like two different
principals even though they have exactly the same content (e and n).
If I'm a "rsa-pkcs1-md5" I'd still like to be able to sign objects with
sha-1.

The signature is defined as follows:

    <signature>:: "(" "signature" <hash> <principal> <sig-val> ")" ;
    <hash>:: "(" "hash" <hash-alg-name> <hash-value> <uri>? ")" ;

.. so we can read the <hash-alg-name> from the <hash> object. We don't
have to specify it in the public key algorithm name.

- Markku-Juhani Saarinen <mjos@ssh.fi>
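
Added example (not part of the original message and not code from the SPKI drafts): a parser for the <signature> grammar quoted above that reads <hash-alg-name> from the <hash> object, so one principal can sign with either hash. The whitespace-separated text syntax, the "rsa-pkcs1" key label, the "md5"/"sha1" names, the sample values and the ALLOWED_HASHES policy are all assumptions made for illustration.

```python
import re

# Verifier-side policy (assumed): the algorithm name comes from the signature,
# so the verifier decides which names it is willing to accept.
ALLOWED_HASHES = {"md5", "sha1"}

def parse_sexp(text):
    """Parse a simplified textual S-expression into nested lists of atoms."""
    tokens = re.findall(r"[()]|[^\s()]+", text)
    pos = 0
    def read():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of input")
        tok = tokens[pos]
        pos += 1
        if tok == ")":
            raise ValueError("unexpected ')'")
        if tok != "(":
            return tok
        items = []
        while pos < len(tokens) and tokens[pos] != ")":
            items.append(read())
        if pos >= len(tokens):
            raise ValueError("missing ')'")
        pos += 1  # consume ')'
        return items
    tree = read()
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return tree

def split_signature(tree):
    """Return (hash_alg, hash_value, principal, sig_val) per the quoted grammar."""
    if not (isinstance(tree, list) and len(tree) == 4 and tree[0] == "signature"):
        raise ValueError("not a <signature>")
    _, h, principal, sig_val = tree
    # <hash> has 3 elements, or 4 when the optional <uri> is present
    if not (isinstance(h, list) and len(h) in (3, 4) and h[0] == "hash"):
        raise ValueError("not a <hash>")
    alg, value = h[1], h[2]
    if not isinstance(alg, str) or alg not in ALLOWED_HASHES:
        raise ValueError(f"hash algorithm not allowed: {alg}")
    return alg, value, principal, sig_val

# Constructed sample data: one key (e and n only), two signatures.
KEY = "(public-key rsa-pkcs1 (e #11#) (n #C0FFEE#))"
SIG_MD5 = f"(signature (hash md5 #aa#) {KEY} #01#)"
SIG_SHA1 = f"(signature (hash sha1 #bb#) {KEY} #02#)"
```

Both sample signatures yield the same principal with a different hash algorithm, and a name outside ALLOWED_HASHES is rejected before any verification would run.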