
Re: rsa public keys



On Mon, 4 Aug 1997, Carl Ellison wrote:

> >- we have dropped the hash algorithm name (why was it there?)
> 
> It was there because a public signature key algorithm isn't just the PK
> algorithm but everything you need to verify the signature.  This includes
> the hash algorithm, the packing/padding (pkcs1, in this case) and any
> formatting of the output (none, in this case).  [That list of 4 things,
> c/o Burt Kaliski, relayed by Ron Rivest, a while ago.]

An "rsa-pkcs1-md5" and "rsa-pkcs1-sha1" would look like two different
principals even though they have exactly the same content (e and n).
If I'm an "rsa-pkcs1-md5" I'd still like to be able to sign objects with
sha-1.

The signature is defined as follows:
  <signature>:: "(" "signature" <hash> <principal> <sig-val> ")" ;
  <hash>:: "(" "hash" <hash-alg-name> <hash-value> <uri>? ")" ;

.. so we can read the <hash-alg-name> from the <hash> object. We don't
have to specify it in the public key algorithm name.

- Markku-Juhani Saarinen <mjos@ssh.fi>
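
Added example, not part of the original message and not SPKI project code: a verifier that reads <hash-alg-name> from the <hash> object, as the grammar above allows, so that one key named only "rsa-pkcs1" checks both MD5 and SHA-1 signatures and resolves to the same principal (e, n). The principal and <sig-val> encodings, the hex atoms, the toy key and the `allowed` hash-name policy are assumptions made for illustration.

```python
import hashlib, re

# DER DigestInfo prefixes that PKCS #1 v1.5 puts in front of the digest.
PREFIX = {"md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
          "sha1": bytes.fromhex("3021300906052b0e03021a05000414")}

# Constructed toy key built from two Mersenne primes; for illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def parse(text):
    """Turn a parenthesised S-expression into nested lists of string atoms."""
    tokens = re.findall(r"[()]|[^\s()]+", text)
    def read(i):
        items = []
        while tokens[i] != ")":
            if tokens[i] == "(":
                sub, i = read(i + 1)
                items.append(sub)
            else:
                items.append(tokens[i])
            i += 1
        return items, i
    return read(1)[0]

def encode(alg, digest, n):
    """PKCS #1 v1.5 signature block: 00 01 FF..FF 00 DigestInfo."""
    k, t = (n.bit_length() + 7) // 8, PREFIX[alg] + digest
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def sign(alg, message):
    """Emit (signature <hash> <principal> <sig-val>) with hex atoms (assumed encoding)."""
    digest = hashlib.new(alg, message).digest()
    s = pow(int.from_bytes(encode(alg, digest, N), "big"), D, N)
    return (f"(signature (hash {alg} {digest.hex()}) "
            f"(public-key rsa-pkcs1 (e {E:x}) (n {N:x})) {s:x})")

def verify(sig_text, message, allowed=("md5", "sha1")):
    """Return the principal (e, n) if the signature checks, else None."""
    tag, (htag, alg, hval, *_uri), principal, sigval = parse(sig_text)
    if tag != "signature" or htag != "hash" or alg not in allowed:
        return None  # verifier policy decides which hash names it accepts
    e, n = int(principal[2][1], 16), int(principal[3][1], 16)
    digest = hashlib.new(alg, message).digest()
    if digest.hex() != hval:
        return None  # <hash-value> does not match the object
    em = pow(int(sigval, 16), e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return (e, n) if em == encode(alg, digest, n) else None
```

Because the hash name travels in the signature rather than in the key name, the `allowed` argument is where a verifier states which hash algorithms it is willing to accept.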