MD5WithRSA digital signatures
John Morris
mailjohnmorris at gmail.com
Fri Jun 10 19:15:51 CEST 2011
On Fri, Jun 10, 2011 at 2:02 AM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 9 Jun 2011 23:24, mailjohnmorris at gmail.com said:
>
> > Signature sig = Signature.getInstance("MD5WithRSA");
>
> I don't know what scheme this is. Is it pkcs#1 (v1.5 or PSS)?
>
It is using pkcs#1 v1.5.
>
> > gcry_md_hash_buffer(GCRY_MD_MD5, md5, data, dataLen);
> > rc = gcry_sexp_build(&data_sexp, NULL, "(data(flags pkcs1)(hash md5 %b))",
> >                      (size_t)16, md5);
>
> *You need to cast to (int)!* On 32 bit system this usually doesn't
> matter but on most 64 bit systems you would corrupt your stack.
>
Thanks for the tip. I was following an example I found that was doing
this. I'll change it to int.
>
> Except for this it looks okay.
>
> BTW, using MD5 for any new code is a serious problem; even all old code
> should have been changed to use at least SHA-1. MD5 is broken.
>
>
I know, and I am planning to switch soon, but we still have some legacy
users that expect it in md5.
> Shalom-Salam,
>
> Werner
>
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
>
>
I actually found the problem. I was doing something stupid in my Java code
(verifying with the wrong signature variable ... doh!).
It seems to be working fine now.
Thanks for your reply.
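
Added example, not part of the original thread and not libgcrypt or Java code: the PKCS#1 v1.5 (EMSA-PKCS1-v1_5) block that an MD5/RSA signer and verifier must agree on, with a check that re-encodes and compares the whole block. The function names and the 512-byte size limit are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER DigestInfo header for MD5 (RFC 8017, section 9.2, note 1). */
static const uint8_t MD5_DIGESTINFO[18] = {
    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
    0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
};
#define MD5_LEN 16

/* Build EM = 00 01 FF..FF 00 || DigestInfo || digest into em[0..em_len).
 * em_len is the RSA modulus size in bytes.
 * Returns 0 on success, -1 if the modulus is too short for the encoding. */
int emsa_pkcs1_v15_md5(const uint8_t digest[MD5_LEN], uint8_t *em, size_t em_len)
{
    const size_t t_len = sizeof MD5_DIGESTINFO + MD5_LEN;  /* 34 bytes */
    if (em_len < t_len + 11)        /* standard requires >= 8 bytes of FF */
        return -1;
    size_t ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;                   /* block type 1: signature padding */
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;          /* separator before DigestInfo */
    memcpy(em + 3 + ps_len, MD5_DIGESTINFO, sizeof MD5_DIGESTINFO);
    memcpy(em + 3 + ps_len + sizeof MD5_DIGESTINFO, digest, MD5_LEN);
    return 0;
}

/* Check a block recovered from a signature by re-encoding the expected
 * block and comparing every byte, instead of parsing the padding.
 * Returns 1 on match, 0 otherwise. */
int emsa_pkcs1_v15_md5_check(const uint8_t digest[MD5_LEN],
                             const uint8_t *em, size_t em_len)
{
    uint8_t expected[512];          /* assumption: moduli up to 4096 bits */
    if (em_len > sizeof expected ||
        emsa_pkcs1_v15_md5(digest, expected, em_len) != 0)
        return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < em_len; i++)
        diff |= (uint8_t)(expected[i] ^ em[i]);
    return diff == 0;
}
```
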