Ben Laurie writes:
I've been working on signatures recently, and I'm puzzled. As I
understand it, the form of a decrypted signature is:
01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
However, every signature I look at decrypts to:
00 01 FF FF ... FF FF 00 <ASN.1 nonsense> <hash>
Before I hurt my head trying to figure out why, I wonder if there's
something obvious I missed?
Actually if you look at PKCS-1 v1.5 you will find that in fact the
MSB is a 0 and the next byte is a 1 for signatures, a 2 for encryption.
Generally the MSB may not be a whole octet, depending on the size of
the modulus, so they put a zero there.
Hal Finney