RSA // OAEP // SHA-1

Avi avi.wiki at gmail.com
Wed Jan 30 21:35:03 CET 2013


Would it make sense to amend that to add SHA-3?

--Avi

On 1/30/13, Michel Messerschmidt <lists at michel-messerschmidt.de> wrote:
> On Tue, Jan 29, 2013 at 06:36:25PM -0600, John Clizbe wrote:
>> vedaal at nym.hush.com wrote:
>> > if so, would this fall under the open-pgp RFC, or would it have to go
>> > through an
>> > RSA standard first?
>>
>> RFC 4880 makes no mention of OAEP. RFC 4880 references RFC 3447 for
>> details of
>> RSA implementation.
>>
>> So, from what I can tell, RSA standard first, then OpenPGP by
>> incorporating
>> the new RSA standard. THEN, Gnupg.
>
> Although it is the default, RFC 3447 is not restricted to SHA-1.
> Appendix B actually states:
> "For the RSAES-OAEP encryption scheme and EMSA-PSS encoding method,
> only SHA-1 and SHA-256/384/512 are recommended."
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-- 
Sent from my mobile device

----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki at gmail.com
>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E
29F9



More information about the Gnupg-users mailing list