RSA PKCS#1 signing: differs from OpenSSL's?

Werner Koch wk at
Thu Dec 6 08:01:56 CET 2007

On Wed,  5 Dec 2007 21:50, simon at said:

> I had the same experience when porting libssh2 from OpenSSL to
> libgcrypt, and this caused quite some confusion and a long debugging
> session.

Frankly, I had the same problem several times.  I added a note to the
Libgcrypt manual which might help us in the future.

> PKCS#1 calls the first prime P and the second one Q, and uses
> coeff=p^{-1} mod q, which would suggest that libgcrypt got this
> backwards.

Libgcrypt stems from gpg and this implements OpenPG.  OpenPGP defines

       - MPI of RSA secret prime value p.
       - MPI of RSA secret prime value q (p < q).
       - MPI of u, the multiplicative inverse of p, mod q.

Thus Libgcrypt uses this definition.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gcrypt-devel mailing list