ietf-openpgp
[Top] [All Lists]

Re: [openpgp] RSA-PSS and RSA-OAEP for v5

2021-03-01 07:29:37
brian m. carlson <sandals(_at_)crustytoothpaste(_dot_)net> writes:

Most cryptographic libraries already support RSA-PSS and RSA-OAEP, so there's
little code to add.

*Some* crypto libraries support OAEP and PSS, but they're virtually never
used.  When they are used, they often only support the single parameter set
that whoever decided to use PSS instead of PKCS #1 went for, and fail
mysteriously if you modify any one of the 8,000 parameters that PSS and OAEP
can work with.  Admittedly this is a miniscule sample size because virtually
nothing uses them, but from the few times I've run into them it's been an
interop nightmare trying to guess what the other side will do.  The best
approach seems to be to request sample messages from the other side and then
use exactly that parameter set and nothing else for anything you send them.

Although this would tend to suggest an approach of fixing all parameters at a
given set of values, all this is then doing is reinventing an incredibly
complex equivalent to PKCS #1, which seems excessive when a much simpler
solution is to say "use encode-then-memcmp() to verify the signature" in the
spec.

Peter.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>