RSA padding scheme

brian m. carlson sandals at
Sun Jan 22 19:54:22 CET 2012

On Sun, Jan 22, 2012 at 07:48:28PM +0400, Sergey Matveev wrote:
> As I understand, such asymmetric ciphers as RSA and/or ElGamal requires
> strong padding applied before "message" is encrypted. Message is of
> course the one-time session key, used to encipher the actual data.

To use them correctly and securely, yes.

> There are different versions of PKCS#1, NESSIE, OAEP and other schemes
> exist. How can I get which one is used? Trivial grep-ing through the
> 1.4.10 source code (which one I am using) does not help me much.

GnuPG uses PKCS #1 v1.5.  This is specified in RFC 4880.

> Moreover I did not find the way padding can be changed/specified for
> example for RSA.

You cannot choose a different padding scheme and remain in compliance
with the OpenPGP standard.

> I will be glad to understand what I am missing.

If the standard allowed different padding schemes, then all
implementations would have to support multiple padding schemes, which
would be burdensome without providing significantly more security.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20120122/bdc1cc30/attachment.pgp>

More information about the Gnupg-users mailing list