Re: Changing signature algorithm

To: Love Hörnquist Åstrand <lha@kth.se>, heimdal-discuss@sics.se

Subject: Re: Changing signature algorithm

Date: Wed, 6 Jun 2007 07:15:49 -0700 (PDT)

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=SL7g6HBUqjWBOsXPuyf9gRHSMF58IjibpGv+inBa607eeBLImYWZ777gFg/Gvs8s2Hun982AcqvkKVOZ2Tj3BOES3/fpEmCfa+nNL8Od0yGxWK7jaNk58hmlWoKiQ2UXV3hUGNXjfzK05F53Yn6Rni+pzPf4z6sq4RQ1MFnELT8=;

List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>

List-Help: <mailto:sympa@sics.se?subject=help>

List-Id: <heimdal-discuss.sics.se>

List-Owner: <mailto:heimdal-discuss-request@sics.se>

List-Post: <mailto:heimdal-discuss@sics.se>

List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>

List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>

Reply-To: heimdal-discuss@sics.se, Tom Hansen <hansentf@yahoo.com>

Yes. This is a packetcable requirement that singerInfos have a digestAlgo of sha1 and signatureAlgo of RSA. The function rsa_create_signature() only supports RSAwithSHA1. Modifying it for RSA results in recursive loop. It's not clear to me why this is.

Tom

----- Original Message ----
From: Love Hörnquist Åstrand <lha@kth.se>
To: heimdal-discuss@sics.se; hansentf@yahoo.com
Sent: Tuesday, June 5, 2007 11:49:04 PM
Subject: Re: Changing signature algorithm

> I'm trying some changes to pkinit and wanting to understand the
> piece of code
> below. Specifically I want to change the signature algorithm from
> RSA with SHA1
> to just RSA. Doing so fails since lib/hx509/crypto.c:
> rsa_create_signature()
> does not support it. Why?

RSA on non-digests is not very common, already done the digest ?

Love

Join our Network Research Panel today!

Follow-Ups:

Re: Changing signature algorithm
- From: Love Hörnquist Åstrand <lha@kth.se>