[cryptography] Error in PKCS #1 v2.1?

Paul Crowley paul at ciphergoth.org
Fri Feb 18 08:11:53 EST 2011

Aha, I have discovered my mistake: I did not see step 11 of the procedure:

11. Set the leftmost 8emLen – emBits bits of the leftmost octet in 
maskedDB to zero. (page 36)

As a result of this step, OS2IP(EM) < 2^emBits < n < 2^modBits and so 
the signature works.  Sorry for the false alarm!
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the cryptography mailing list