Re: SSL sans RSA

Eric Rescorla (ekr@rtfm.com)
Fri, 26 Feb 1999 21:44:21 -0800


> > > 2. What formats are popular for storing dsa keys, in this context? For
> > > RSA keys, I use pkcs#1 key formats (encapsulated using PEM-style
> > > ascii-armoring).
> > There's a lot of variety. Note that you do not need to agree with
> > everyone else in order to be compatible.
>
> I understand that private key formats are not crucial for
> compatibility. But it would still be nice to be able to use keys
> created by SSLeay/OpenSSL, and vice versa.
Right. I believe that the format you're using matches OpenSSL,
but I'm not an expert on how OpenSSL does things.

> > > 5. Formats and object identifiers for certification of diffie-hellman
> > > parameters?
> > See PKIX: RFC 2459
>
> One more question... The dsa signature process: If this is in any way
> similar to the PKCS#1 rsa signature process, it would go like this:
>
> 1. Hash the message to be signed (with SHA1 or some other
> cryptographic hash function).
>
> 2. Create a DigestInfo structure, and DER-encode it.
>
> 3. Sign the result using DSA (where the first step is hashing with
> SHA1).
>
> Is this correct? Or is the process simpler: feeding the message
> directly to the DSA algorithm (i.e. first SHA1, then some bignum
> calculations), without any DigestInfo stuff?
Correct. DSA takes a 20-byte input.

> In the latter case, the object identifier id-dsa-with-sha1 seems
> completely redundant; the sha1 part is implied by "dsa", and there's
> no place in the signature process for another hash function. The
> id-dsa identifier (with omitted parameters) would do just as well for
> identifying the complete signature process.
Actually, any 160 bit hash function would do. The issue is that
there's no identifying information in the signature itself,
so a substitution attack is possible if you don't mandate a
single digest algorithm.

-Ekr
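
Added example, not part of the original message and not SSLeay/OpenSSL code: it contrasts the PKCS#1 DigestInfo, which names its hash, with the bare 20-byte value DSA signs, and shows a verifier that mandates a single digest algorithm. The function names are hypothetical, and BLAKE2b truncated to 160 bits is an assumed stand-in for "any 160 bit hash function".

```python
import hashlib
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo, OID 1.3.14.3.2.26

def read_tlv(buf, pos, tag):
    """Read one short-form DER TLV with the expected tag: (value, next_pos)."""
    if len(buf) < pos + 2 or buf[pos] != tag or buf[pos + 1] >= 0x80:
        raise ValueError("unexpected DER structure")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[pos + 2:end], end

def decode_oid(body):
    """Decode OID content bytes (first arc 0 or 1) to dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def pkcs1_signed_block(message):
    """What PKCS#1 RSA signs: a DigestInfo that names the hash."""
    return SHA1_PREFIX + hashlib.sha1(message).digest()

def parse_digestinfo(der):
    """Recover (hash OID, digest) from a DER DigestInfo."""
    seq, end = read_tlv(der, 0, 0x30)
    alg, pos = read_tlv(seq, 0, 0x30)
    oid, _ = read_tlv(alg, 0, 0x06)
    digest, pos = read_tlv(seq, pos, 0x04)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing data")
    return decode_oid(oid), digest

def dsa_input(message, hash_name):
    """What DSA signs: the bare 20-byte digest, with no algorithm tag."""
    if hash_name == "sha1":
        return hashlib.sha1(message).digest()
    if hash_name == "blake2b-160":  # assumed stand-in for "any 160-bit hash"
        return hashlib.blake2b(message, digest_size=20).digest()
    raise ValueError("unknown hash")

def verifier_digest(message, claimed, mandated="sha1"):
    """Verifier policy: the digest algorithm is fixed, never negotiated."""
    if claimed != mandated:
        raise ValueError("digest algorithm not permitted: " + claimed)
    return dsa_input(message, mandated)
```

The two `dsa_input` results have the same length and carry nothing that says which hash produced them, which is why the verifier fixes the algorithm instead of reading it from the signed data.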


The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28