[cryptography] Error in PKCS #1 v2.1?
paul at ciphergoth.org
Fri Feb 18 08:11:53 EST 2011
Aha, I have discovered my mistake: I did not see step 11 of the procedure:
11. Set the leftmost 8emLen – emBits bits of the leftmost octet in
maskedDB to zero. (page 36)
As a result of this step, OS2IP(EM) < 2^emBits < n < 2^modBits and so
the signature works. Sorry for the false alarm!
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the cryptography