Re: SSL sans RSA

EKR (ekr@rtfm.com)
26 Feb 1999 21:56:05 -0800

• Next message: Eric Rescorla: "Re: SSL sans RSA"
• Previous message: Niels Möller: "Re: SSL sans RSA"
• In reply to: EKR: "Re: SSL sans RSA"
• Next in thread: Andrew Meredith: "ASN.1 vs Binary (was: SSL sans RSA)"

Eric Rescorla <ekr@rtfm.com> writes:

> > One more question... The dsa signature process: If this is in any way
> > similar to the PKCS#1 rsa signature process, it would go like this:
> >
> > 1. Hash the message to be signed (with SHA1 or some other
> > cryptographic hash function).
> >
> > 2. Create a DigestInfo structure, and DER-encode it.
> >
> > 3. Sign the result using DSA (where the first step is hashing with
> > SHA1).
> >
> > Is this correct? Or is the process simpler: feeding the message
> > directly to the DSA algorithm (i.e. first SHA1, then some bignum
> > calculations), without any DigestInfo stuff?
> Correct. DSA takes a 20-byte input.
I realized that this isn't very clear. There's no DigestInfo
encoding at all. The 20 bytes from SHA-1 are fed directly
into DSA.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]

• Next message: Eric Rescorla: "Re: SSL sans RSA"
• Previous message: Niels Möller: "Re: SSL sans RSA"
• In reply to: EKR: "Re: SSL sans RSA"
• Next in thread: Andrew Meredith: "ASN.1 vs Binary (was: SSL sans RSA)"