RE: Possible ambiguities in encoding of signatures, encrypted keys
William Whyte <wwhyte@baltimore.ie> Mon, 12 April 1999 10:06 UTC
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA22216 for <smime-archive@odin.ietf.org>; Mon, 12 Apr 1999 06:06:40 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id CAA12118 for ietf-smime-bks; Mon, 12 Apr 1999 02:22:07 -0700 (PDT)
Received: from puma.baltimore.ie (firewall-user@pc215-8.indigo.ie [194.125.215.8]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id CAA12113; Mon, 12 Apr 1999 02:22:00 -0700 (PDT)
Received: by puma.baltimore.ie; id KAA21213; Mon, 12 Apr 1999 10:44:58 +0100 (GMT/IST)
Received: from ocelot.baltimore.ie(10.49.0.10) by puma.baltimore.ie via smap (4.1) id xma021196; Mon, 12 Apr 99 10:44:09 +0100
Received: from knuckle (knuckle.baltimore.ie [10.49.0.103]) by ocelot.baltimore.ie (8.8.7/8.8.5) with SMTP id KAA20706; Mon, 12 Apr 1999 10:12:07 +0100
Received: by localhost with Microsoft MAPI; Mon, 12 Apr 1999 10:20:56 +0100
Message-ID: <01BE84CE.26BA1010.wwhyte@baltimore.ie>
From: William Whyte <wwhyte@baltimore.ie>
To: "'pgut001@cs.auckland.ac.nz'" <pgut001@cs.aucKland.ac.nz>, "ietf-pkix@imc.org" <ietf-pkix@imc.org>, "ietf-smime@imc.org" <ietf-smime@imc.org>
Subject: RE: Possible ambiguities in encoding of signatures, encrypted keys
Date: Mon, 12 Apr 1999 10:20:54 +0100
Organization: Baltimore Technologies
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit
Hi Peter, > Currently both RFC 2459 and CMS refer to RFC 2313/2437 for the encoding of RSA > signatures/encrypted data (RFC 2459, 7.2.1; CMS, 12.3.2.1 and 12.2.2 - what I'm > about to describe applies to other algorithms as well, but I'll stick with RSA > to keep it simple). These RFC's make the assumption that the encoded value > will be of the same length as the modulus, zero-padding the value if required > (RFC 2437, 7.2.1 and 8.1.1), however when this padding is used the encoded > value doesn't follow the DER any more. I'm not sure this is right. The signature is an octet string or a bit string, not an integer, and it's perfectly legal to have an OCTET STRING or BIT STRING with leading null bytes. RFC 2313 says: 8.4 Integer-to-octet-string conversion The integer encrypted data y shall be converted to an octet string ED of length k, the encrypted data. and it's the octet string that's encoded. Cheers, William
- Possible ambiguities in encoding of signatures, e… Peter Gutmann
- RE: Possible ambiguities in encoding of signature… William Whyte
- Re: Possible ambiguities in encoding of signature… Peter Gutmann