[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsa public keys

On Mon, 4 Aug 1997, Carl Ellison wrote:

> >- we have dropped the hash algorithm name (why was it there?)
> It was there because a public signature key algorithm isn't just the PK
> algorithm but everything you need to verify the signature.  This includes
> the hash algorithm, the packing/padding (pkcs1, in this case) and any
> formatting of the output (none, in this case).  [That list of 4 things,
> c/o Burt Kaliski, relayed by Ron Rivest, a while ago.]

A "rsa-pkcs1-md5" and "rsa-pkcs1-sha1" would look like two different
principals even though they have exactly the same content (e and n). 
If I'm a "rsa-pkcs1-md5" I'd still like to be able to sign objects with

The signature is defined as follows:
  <signature>:: "(" "signature" <hash> <principal> <sig-val> ")" ;
  <hash>:: "(" "hash" <hash-alg-name> <hash-value> <uri>? ")" ;

.. so we can read the <hash-alg-name> from the <hash> object. We don't
have to specify it in the public key algorithm name.

- Markku-Juhani Saarinen <mjos@ssh.fi>