RSA // OAEP // SHA-1

John Clizbe JPClizbe at
Wed Jan 30 01:36:25 CET 2013

vedaal at wrote:
> As the padding scheme in RSA, (OAEP) uses SHA-1, then , *eventually*, as
> people move away from using SHA-1, and toward a V5 key where SHA-1 is not used,
> will it also be necessary to re-do the RSA padding to not use SHA-1, and
> if so, would this fall under the open-pgp RFC, or would it have to go through an
> RSA standard first?

This is probably more on topic for the IETF-OpenPGP list, but anyway...

RFC 4880 makes no mention of OAEP. RFC 4880 references RFC 3447 for details of
RSA implementation.

So, from what I can tell, RSA standard first, then OpenPGP by incorporating
the new RSA standard. THEN, Gnupg.

[RFC4880]  J. Callas, L. Donnerhacke, H. Finney, D. Shaw, R. Thayer.
           "OpenPGP Message Format", RFC 4880, November 2007.

[RFC3447]  Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards
           (PKCS) #1: RSA Cryptography Specifications Version 2.1",
           RFC 3447, February 2003.

John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 863 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130129/835da938/attachment-0001.pgp>

More information about the Gnupg-users mailing list