Re: Need RSA Encryption for bulk data

Eric Murray (ericm@lne.com)
Thu, 18 Jun 1998 18:02:49 -0700 (PDT)

• Next message: Tim Dierks: "ASIC price/volume/performance"
• Previous message: jcaldwel@iquest.net: "Re: tempest monitoring of key bit flips"
• In reply to: Simon R Knight: "Re: tempest monitoring of key bit flips"

Teh Kao Yang writes:
>
> Hi there,
> THanks for the reply. Yes I understand that most of the time you
> encrypt with a symmetric session key.. but I guess I didn't really
> state my problem clearly enough.. what I really needed was to be able
> to sign some data with a RSA private key. Now I've been able to find
> libraries that, given some data, will hash the data and then sign
> the hash. The thing this, I couldn't find any thing that will just
> do the signing and not the hashing as well. For example RSAREF does
> provide hashing+signing composite functions... what I need is just
> the signing/encrypting part... I already have a hashed value available.
> I tried the Microsoft Crypto API, and that had a function that sort of
> does this, because you can provide a pre-hashed data for it to sign... but
> the problem is, it only accepts pre-hashed data in 16, 20 , or 30 byte
> lengths (I guess corresponding to MD5, and SHA). It will not sign an
> arbritraly length of data.
>
> Ok sorry if this is getting too long, but I guess I still haven't really
> explained what I need this function for. I am trying to do a PKCS#1
> digital signature. In PKCS#1 they define that you have to first has
> h the data, then DER encode the hash, then encrypt with RSA. Now what
> I have (all I have) is the DER encoded hash... I need a pure RSA encrypt
> function that will hash this data... which is exactly 34 bytes in length.
> Ok there is also the matter of padding the hash so that the length matches
> the modulus of the private key, but I can take care of that.

Most stand-alone RSA signature functions that I have seen (i.e. in
smart-cards) do the DER-encoding and PKCS#1 padding of
the hash for you. My guess, based on the byte lengths you give, is that
the CAPI API does that.

If I'm right you can simply not DER-encode the hash. If that's not an option
for whatever reason, the DER encoding is always static (for each
hash algorithim). For SHA its
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
MD5 is something similar. The hash itself is always the last N bytes
where N is the hash length. So you can just pick off that part and
send it to CAPI.

A DER-encoded SHA hash should be 35 bytes.

-- 
Eric Murray  Chief Security Scientist  N*Able Technologies  www.nabletech.com
(email:  ericm  at  lne.com   or   nabletech.com)          PGP keyid:E03F65E5

• Next message: Tim Dierks: "ASIC price/volume/performance"
• Previous message: jcaldwel@iquest.net: "Re: tempest monitoring of key bit flips"
• In reply to: Simon R Knight: "Re: tempest monitoring of key bit flips"