[Botan-devel] How to do RSA SSL signatures

Jack Lloyd lloyd at randombit.net
Wed May 26 11:58:20 EDT 2010


Yes, this is special-cased in the EMSA3 / hash identifier code.

"EMSA3(Parallel(MD5,SHA-160))"

will produce an SSL-style signature.

Anywhere where a single hash can be used, you can use
"Parallel(X,Y,Z)" to use multiple concatenated hashes. (Random aside:
I wonder if anyone has looked at the security of HMAC when used with
concatenated hashes).

In 1.9.7 a new method of combining hashes, Comb4P, that provides
additional useful security properties, was also added. (Though it can
only combine 2 hashes, and they must have the same output length).

On Wed, May 26, 2010 at 05:26:16PM +0200, Rickard Bellgrim wrote:
> Hi
> 
> I am currently adding some more RSA mechanisms to my library. And in OpenSSL there is a mechanism for SSL signatures, NID_md5_sha1 (MD5 and SHA1 message digests with PKCS #1 padding and no algorithm identifier). Is there a way that this can be done in Botan? Because you can only input one hash algorithm in the EMSA3 class.
> 
> // Rickard
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel



More information about the botan-devel mailing list