>From: schneiw(_at_)de(_dot_)gmd(_dot_)darmstadt (Wolfgang Schneider)
>Subject: SIGNED Macro and PEM Signatures
>Date: Thu, 4 Mar 93 10:24:16 +0100
>
>2. The RSAEncryption process of 4.2.1 requires to produce the ASN.1 code of
>
> SEQUENCE {
> digestAlgorithm AlgorithmIdentifier,
> digest OCTET STRING
> }
>
> In para. 4.2.1 the octets of digest are referred to as MIC. This means
> obviously that the 18 octets resulting from 1. are again ASN.1-encoded
> as OCTET STRING as part of the SEQUENCE.
>
>Is that correct? It sounds a bit odd to me.
>
I interpreted the text the same way. But I implemented it with just one
level of tagging, despite myself.
However, if your at Brut Kaliskis example : page 13 "Some examples of
the PKCS Standards" (June 3rd 1991) you will see not only are his 16
bytes of digest bits not prefixed by a pair of OCTET STRING tags (ie. 2
bytes twice) they are not even prefixed by one OCTET STRING tag.
This last fact can only be in direct contravention of 2) above.
I implemented 2 above, though with only 1 OCTET STRING tag - ignoring
the PEM text. I expect to just do it eventually as per PKCS Example as
I suspect thats what the reference PEM implementation does.
One possibility remains: the example referes to PEM compatibility. I imagine
its an old-PEM "D definition". New PEM signatures fully imports 2) above, I
think in all its 34 byte glory.
Its all very confusing.
There was nothing wrong with the original X.509 SIGNED definition.
There is nothing wrong with PKCS-1, similarly. Its all perfectly clear
from the ASN.1.
However, there are still so many contrary examples floating around.
I think the best way is for the relevant bit of TIS source code to be
published as a reference. And we just all do it that way.
(0001ffffffffffffffffffffffffffffffffffffffffffffffffffffff003020300c06082a8\
64886f70d020505000410afc195aac7af104be16c4dd95ac2c081
^^^^
1 tag!)