RSA PKCS#1 signing: differs from OpenSSL's?
Werner Koch
wk at gnupg.org
Thu Dec 6 08:01:56 CET 2007
On Wed, 5 Dec 2007 21:50, simon at josefsson.org said:
> I had the same experience when porting libssh2 from OpenSSL to
> libgcrypt, and this caused quite some confusion and a long debugging
> session.
Frankly, I had the same problem several times. I added a note to the
Libgcrypt manual which might help us in the future.
> PKCS#1 calls the first prime P and the second one Q, and uses
> coeff=p^{-1} mod q, which would suggest that libgcrypt got this
> backwards.
Libgcrypt stems from gpg and this implements OpenPG. OpenPGP defines
- MPI of RSA secret prime value p.
- MPI of RSA secret prime value q (p < q).
- MPI of u, the multiplicative inverse of p, mod q.
Thus Libgcrypt uses this definition.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gcrypt-devel
mailing list