Date: Mon, 31 Mar 1997 23:30:20 -0800
From: db@doppio (David Brownell -- JavaSoft)
Message-Id: <199704010730.XAA15841@argon.eng.sun.com>
To: br@doppio
Subject: Re: Security API Problem !!!
Hi,
Cleaning out some old mail so I can delete it forever.
I certainly hope that for RSA signatures we just say that
we follow the PKCS-1 standards! Those, incidentally,
sign a DER-encoded structure of { OID, hash }.
- Dave
> From br@doppio Wed Mar 12 10:52:22 1997
> Date: Wed, 12 Mar 1997 10:52:35 -0800
> From: br@doppio (Benjamin Renaud)
> To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
> Cc: java-security@doppio
> Subject: Security API Problem !!!
>
>
> Hi Wolfgang,
>
> Thanks for your note. I hope this will help resolve your problem:
>
> wplatzer@iaik.tu-graz.ac.at writes:
> >
> > I wrote a new provider class which implements RSA signatures and came acr=
> > oss a problem.
>
> Note that there really is no such thing as an "RSA signature", but
> only "MD5 with RSA", "SHA with RSA", etc.
>
> > In the document "JavaTM Cryptography Architecture; API Specification & Re=
> > ference" you described the process of verifying signature in this way:
> >
> > Verifying a Signature
> >
> > Verifying the signature is straightforward. (Note: here we also=
> > use the key pair generated in the key pair example)
> >
> > 1: /* Initializing the object with the public key */
> > 2: PublicKey pub =3D pair.getPublic();
> > 3: rsa.initVerify(pub);
> > 4:
> > 5: /* Update and verify the data */
> > 6: rsa.update(data);
> > 7: boolean verifies =3D rsa.verify(sig);
> > 8: System.out.println("signature verifies: " + verifies);
> >
> >
> > The Problem:
> >
> > The name of the hash algorithm used to create a signature is located in t=
> > he signature (ASN.1 datastructure "DigestInfo"). According to the API of =
> > class Signature I get the signature with method verify(byte[] signature) =
> > in line 7:. But to hash the document in line 6: I must already know which=
> > algorithm I shoud use for hashing the message (MD2, MD4, SHA, ...).
>
> The info is not in the ASN.1 datastructure. The ASN.1 data structure
> contains only the encrypted hash value for RSA. We will be publishing
> the exact ASN.1 format for RSA-based signatures this later this month.
>
> The key is that you must know at the time you instantiate the
> signature object what the hash algorithm you want to use is:
>
> Signature md5Rsa = Signature.getInstance("MD5/RSA");
>
> -- Benjamin
>