[cryptography] OAEP for RSA signatures?

Jonathan Katz jkatz at cs.umd.edu
Mon Jan 28 10:47:25 EST 2013


On Sat, 26 Jan 2013, ianG wrote:

> Apologies in advance ;) but a cryptography question:
>
> I'm coding (or have coded) a digital signature class in RSA.  In my research 
> on how to frame the input to the RSA private key operation, I was told words 
> to effect "just use OAEP and you're done and dusted." Which was convenient as 
> that was already available/coded.
>
> However I haven't seen any other code doing this - it is mostly PKCS1, etc, 
> and RFC3447 doesn't enlighten in this direction.
>
> Could OAEP be considered reasonable for signatures?  or is this a case of 
> totally inappropriate?  Or somewhere in between?
>
>
>
> iang

The following paper seems relevant here:
"Versatile Padding Schemes for Joint Signature and Encryption," Dodis et 
al., ACM CCCS 2004.



More information about the cryptography mailing list