[Botan-devel] RSA with EMSA3 padding

Rickard Bondesson Rickard.Bondesson at iis.se
Fri Nov 28 08:52:30 EST 2008


Ohh, sorry I misinterpreted the standard document that I am working with: PKCS#11

RFC 3447 states that: "Accordingly, the EMSA-PKCS-v1_5 encoding method explicitly includes a hash operation and is not intended for signature schemes with message recovery."

Thus is it not possible to have EMSA3 without an hash algorithm as I wanted. The thing I want is plain signing with the RSA key, which is possible. I just thought that I should pad it like EMSA3, which is not possible.

// Rickard

-----Ursprungligt meddelande-----
Från: botan-devel-bounces at randombit.net [mailto:botan-devel-bounces at randombit.net] För Jack Lloyd
Skickat: den 28 november 2008 14:34
Till: Botan development list
Ämne: Re: [Botan-devel] RSA with EMSA3 padding

On Wed, Nov 26, 2008 at 04:13:18PM +0100, Rickard Bondesson wrote:

> I am trying to sign data with RSA and I am using PK_Signer for this 
> task. It works well if I also want to hash the data that I get. Is 
> there a way of using PK_Signer with EMSA3 padding but no hash 
> function?

Hi Richard,

Sorry about the delay, Thanksgiving here the US was occupying me.

Is the reason you want to do this to support some custom hash function? I don't quite understand the problem.

One wrinkle is that EMSA3 padding includes a hash identifier - it's not clear to me what hash id EMSA3 should include in the case of no hash at all.

-Jack
_______________________________________________
botan-devel mailing list
botan-devel at randombit.net
http://lists.randombit.net/mailman/listinfo/botan-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20081128/c1ab7aa2/attachment.sig>


More information about the botan-devel mailing list