[cryptography] Error in PKCS #1 v2.1?

Paul Crowley paul at ciphergoth.org
Thu Feb 17 09:26:35 EST 2011


On 17/02/11 14:20, Alexander Klimov wrote:
> So, if
>
>   RSASSA-PSS-SIGN (K, M)
>
> gets M which is too large, then one of the above operations will
> detect the problem.

The size of M doesn't enter into it; if M is small enough that the hash 
function can handle it, its size doesn't change the size of anything 
else used to generate or verify the signature.  It's the size of the 
intermediate quantity EM I'm looking at here; it seems clear to me that 
it has to be small enough to guarantee that OS2IP (EM) < n, or RSASP1 
will return "message representative out of range", which shouldn't 
happen in normal circumstances.

-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/



More information about the cryptography mailing list