RSA padding scheme

brian m. carlson sandals at crustytoothpaste.net
Sun Jan 22 19:54:22 CET 2012


On Sun, Jan 22, 2012 at 07:48:28PM +0400, Sergey Matveev wrote:
> As I understand, such asymmetric ciphers as RSA and/or ElGamal require
> strong padding applied before "message" is encrypted. Message is of
> course the one-time session key, used to encipher the actual data.

To use them correctly and securely, yes.

> Different versions of PKCS#1, NESSIE, OAEP and other schemes
> exist. How can I find out which one is used? Trivial grep-ing through the
> 1.4.10 source code (which one I am using) does not help me much.

GnuPG uses PKCS #1 v1.5.  This is specified in RFC 4880.

> Moreover I did not find the way padding can be changed/specified for
> example for RSA.

You cannot choose a different padding scheme and remain in compliance
with the OpenPGP standard.

> I will be glad to understand what I am missing.

If the standard allowed different padding schemes, then all
implementations would have to support multiple padding schemes, which
would be burdensome without providing significantly more security.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
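
Added illustration, not part of the original message and not GnuPG's code: the EME-PKCS1-v1_5 encoding that RFC 4880 specifies for the session key, with the matching decoder. The RSA operation itself is left out; the function names, the 2048-bit modulus length and the sample key are assumptions made for this example.

```python
import os

def openpgp_session_block(sym_algo_id, session_key):
    # RFC 4880 sec. 5.1: algorithm octet || session key || 2-octet checksum,
    # where the checksum is the sum of the key octets modulo 65536.
    checksum = sum(session_key) % 65536
    return bytes([sym_algo_id]) + session_key + checksum.to_bytes(2, "big")

def parse_session_block(m):
    if len(m) < 4:
        raise ValueError("decryption error")
    algo, key, checksum = m[0], m[1:-2], int.from_bytes(m[-2:], "big")
    if sum(key) % 65536 != checksum:
        raise ValueError("decryption error")
    return algo, key

def eme_pkcs1_v15_encode(m, k, rng=os.urandom):
    # RFC 4880 sec. 13.1.1: EM = 00 || 02 || PS || 00 || M, where PS is
    # k - len(M) - 3 random nonzero octets (so at least 8).
    if len(m) > k - 11:
        raise ValueError("message too long")
    ps_len = k - len(m) - 3
    ps = bytearray()
    while len(ps) < ps_len:
        ps += bytes(b for b in rng(ps_len) if b != 0)  # discard zero octets
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + m

def eme_pkcs1_v15_decode(em, k):
    # RFC 4880 sec. 13.1.2. Every failure raises the same error so a caller
    # cannot tell which check failed. (Python code is not constant-time.)
    if len(em) != k or em[0] != 0 or em[1] != 2:
        raise ValueError("decryption error")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator (-1) or PS shorter than 8 octets
        raise ValueError("decryption error")
    return em[sep + 1:]

if __name__ == "__main__":
    k = 256                                   # modulus length of a 2048-bit key
    key = os.urandom(32)                      # constructed sample session key
    em = eme_pkcs1_v15_encode(openpgp_session_block(9, key), k)  # 9 = AES-256
    assert parse_session_block(eme_pkcs1_v15_decode(em, k)) == (9, key)
    print(em.hex())
```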