[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: public key algorithm naming

Marc Branchaud <marcnarc@xcert.com> writes:

> Content-Type: text/plain; charset=us-ascii
> EKR <ekr@terisa.com> scrawled:
> > 
> > There's another quibble I have with all of this: PKCS-1 is both
> > a message padding AND a format for RSA key encoding. But PKIX does
> > NOT use the PKCS-1 RSA key encoding. Consequently, having a 
> > key tagged as rsa-pkcs1 seems kind of confusing.
> > 
> I don't understand your point here.  PKIX Part 1, section 7.2.1 (RSA
> Signature Algorithm) clearly says to use PKCS1 -- the algorithm IDs it
> specifies for RSA signatures are PKCS IDs.  I'll admit that the same section
> contains a description of a signature algorithm that is _not_ PKCS1, but I
> suspect that's more an editing oversight than an intended deviation.
You're right. This is a thinko. I meant to say 'SPKI' here. PKIX,
of course, does use PKCS-1 everywhere that it's appropriate.

SPKI, however, uses it's own format for representing RSA keys.

> Anyway, for the record, I think it's better to just use rsa-pkcs1 and
> dsa-sha1 (couldn't that just be "dss"?), but here's a little caveat: PKCS1
> doesn't specifically talk about SHA1.  In fact, for RSA-with-SHA1, PKIX uses
> a non-PKCS algorithm ID (instead it's one from the OSI Interoperability
> Workshop).  There's no reason I can see that SHA1 can't be used in the PKCS1
> style just like MD* are, and I'm 99.9% sure that's how its done in practice,
> but it's not actually specified in PKCS1.
There is a pkcs-1 with SHA OID out there somewhere.


[Eric Rescorla                             Terisa Systems, Inc.]
		"Put it in the top slot."