[Botan-devel] RSA with EMSA3 padding
lloyd at randombit.net
Fri Nov 28 11:55:52 EST 2008
OK. I have an implementation checked in, though I still need to find
or generate test vectors. It is called EMSA3_Raw (or if instantiated
through a string->object mapping, "EMSA3(Raw)").
It will be included in 1.7.24 (and in 1.8.0 when that is released next
On Fri, Nov 28, 2008 at 05:21:28PM +0100, Rickard Bondesson wrote:
> I am doing a software implementation of an HSM (Hardware Security Module). The interface is specified by PKCS#11. A common signing mechanism that they use is called CKM_RSA_PKCS, which is equal to EMSA3 Raw. This essentially could be used to sign a precalculated hash value from the external software.
> I found the padding scheme on this site: http://blogs.msdn.com/drnick/archive/2006/09/19/using-rsa-for-signing-messages.aspx
> But it should not be considered as a good source.
> // Rickard
> On Fri, Nov 28, 2008 at 04:41:24PM +0100, Rickard Bondesson wrote:
> > No, that is not right. EME_PKCS1v15 is for encrypting with RSA, block type 2. I would like block type 1.
> > This page:
> > http://www.frogmouth.net/qca/apidocs/html/namespaceQCA.html#c368775aaad8054778f4199999f49ca6
> > has something called EMSA3 Raw. That is what I would like to use.
> Interesting! I have never heard of doing this. This is especially interesting to me considering that QCA is (partially) based on Botan.
> > The padding should look like this:
> > 0x00 0x01 0xff ... 0xff 0x00 hash/data
> > Which is what is used in the EMSA3 class in Botan.
> > I could do my own padding function, but is it possible to have the
> > EMSA3 Raw functionality?
> I'm investigating. It does not seem like it will be at all difficult to add for 1.7.24.
> I assume you are aware of the potential security problems with this padding scheme? I would hope this is only being used for compatibility reasons.
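The block type 1 layout quoted in the thread (0x00 0x01 0xff ... 0xff 0x00 hash/data), written out as an added example; it is not part of the original messages and is not Botan's EMSA3_Raw code. The function names and the 64-byte block size are assumptions chosen for illustration, and verification is done by rebuilding the expected block and comparing it byte for byte rather than by parsing the padding.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Build 0x00 0x01 0xff ... 0xff 0x00 || data, exactly key_bytes long.
// `data` is used as-is (no hashing, no DigestInfo prefix): the "raw" case.
Bytes emsa3_raw_encode(const Bytes& data, std::size_t key_bytes) {
    // PKCS #1 v1.5 requires at least 8 bytes of 0xff padding.
    if (key_bytes < data.size() + 11)
        throw std::invalid_argument("data too long for modulus size");
    Bytes em(key_bytes, 0xff);
    em[0] = 0x00;
    em[1] = 0x01;
    const std::size_t sep = key_bytes - data.size() - 1;
    em[sep] = 0x00;  // separator between padding and data
    std::copy(data.begin(), data.end(), em.begin() + sep + 1);
    return em;
}

// Verify by re-encoding the expected data and comparing whole blocks, so
// padding length, separator position and trailing bytes are all checked.
bool emsa3_raw_verify(const Bytes& em, const Bytes& expected,
                      std::size_t key_bytes) {
    Bytes ref;
    try { ref = emsa3_raw_encode(expected, key_bytes); }
    catch (const std::invalid_argument&) { return false; }
    if (em.size() != ref.size()) return false;
    uint8_t diff = 0;
    for (std::size_t i = 0; i < em.size(); ++i)
        diff = static_cast<uint8_t>(diff | (em[i] ^ ref[i]));
    return diff == 0;
}

int main() {
    Bytes digest(20, 0xab);  // constructed stand-in for a precomputed hash
    Bytes em = emsa3_raw_encode(digest, 64);  // 64 bytes only for readability
    for (uint8_t b : em) std::printf("%02x", b);
    std::printf("\n");
    return emsa3_raw_verify(em, digest, 64) ? 0 : 1;
}
```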