[Botan-devel] RSA with EMSA3 padding

Rickard Bondesson Rickard.Bondesson at iis.se
Fri Nov 28 11:21:28 EST 2008

I am doing a software implementation of a HSM (Hardware Security Module). The interface is specified by the PKCS#11. A common signing mechanism that they use is called CKM_RSA_PKCS, which is equal to EMSA3 Raw. This essentially could be used to sign a precalculated hash value from the external software.

I found the padding scheme on this site: http://blogs.msdn.com/drnick/archive/2006/09/19/using-rsa-for-signing-messages.aspx
But it should not be considered as a good source.

// Rickard

On Fri, Nov 28, 2008 at 04:41:24PM +0100, Rickard Bondesson wrote:
> No, that is not right. EME_PKCS1v15 if for encrypting with RSA, block type 2. I would like block type 1.
> This page:
> http://www.frogmouth.net/qca/apidocs/html/namespaceQCA.html#c368775aaa
> d8054778f4199999f49ca6 have something called EMSA3 Raw. That is what I 
> would like to use.

Interesting! I have never heard of doing this. This is especially interesting to me considering that QCA is (partially) based on Botan.

> The padding should look like this:
> 0x00 0x01 0xff ... 0xff 0x00 hash/data Which is what is used in the 
> EMSA3 class in Botan.
> I could do my own padding function, but is it possible to have the
> EMSA3 Raw functionality?

I'm investigating. It does not seem like it will be at all difficult to add for 1.7.24.

I assume you are aware of the potential security problems with this padding scheme? I would hope this is only being used for compatability reasons.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20081128/1c6570d2/attachment.sig>

More information about the botan-devel mailing list