RSA PKCS#1 signing: differs from OpenSSL's?
Werner Koch
wk at gnupg.org
Wed Dec 5 16:21:09 CET 2007
On Wed, 5 Dec 2007 09:07, dos at scarff.id.au said:
> <http://scarff.id.au/file/gcrypt_vs_openssl.c>, which runs without
> aborting and demonstrates that the signatures produced are different.
> Is this correct libgcrypt behaviour? I'd have filed a bug but I'm
> unsure if I've just misinterpreted the API.
Yes, this is correct. Libgcrypt expects that P < Q; whereas OpenSSL
expect Q < P. Here is code to convert this.
/* check that p is less than q */
if (gcry_mpi_cmp (skey->p, skey->q) > 0)
{
gcry_mpi_t tmp;
log_info ("swapping secret primes\n");
tmp = gcry_mpi_copy (skey->p);
gcry_mpi_set (skey->p, skey->q);
gcry_mpi_set (skey->q, tmp);
gcry_mpi_release (tmp);
/* and must recompute u of course */
gcry_mpi_invm (skey->u, skey->p, skey->q);
}
The important thing here is to recompute U because u = p^{-1} mod q.
I have a item on my todo list to allow for native OpenSSL parameters in
Libgrypt but this has not yet been done.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gcrypt-devel
mailing list