|

»

SHA2 in OpenPGP cards?

View: New views

4 Messages — Rating Filter: Alert me

	SHA2 in OpenPGP cards? by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi! Before I spend time testing it, can the OpenPGP card support RSA-SHA2 signatures? /Simon _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel
	Re: SHA2 in OpenPGP cards? by Werner Koch :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Tue, 29 Sep 2009 09:46, simon@... said: > Hi! Before I spend time testing it, can the OpenPGP card support > RSA-SHA2 signatures? The v2 cards support any hash agorithm as long as they fit into pkcs#1. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel
	Re: SHA2 in OpenPGP cards? by Simon Josefsson-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Werner Koch <wk@...> writes: > On Tue, 29 Sep 2009 09:46, simon@... said: >> Hi! Before I spend time testing it, can the OpenPGP card support >> RSA-SHA2 signatures? > > The v2 cards support any hash agorithm as long as they fit into pkcs#1. Ok thanks. Is there any problem sending the future SHA-3 hashes in the PKCS#1 struct too? Does the smartcard validate the PKCS#1 data in any way before signing it? I'm thinking also of the ad-hoc MD5/SHA1 data used by TLS, it doesn't follow PKCS#1 format. /Simon _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel
	Re: SHA2 in OpenPGP cards? by Werner Koch :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Wed, 30 Sep 2009 14:19, simon@... said: > PKCS#1 struct too? Does the smartcard validate the PKCS#1 data in any > way before signing it? I'm thinking also of the ad-hoc MD5/SHA1 data > used by TLS, it doesn't follow PKCS#1 format. With the old cards the use of MD5/SHA1 was only possible with the authentication key but not with the signature key. The v2 new cards uses the relaxed check also for the signature key: In compliance with PKSC #1, the card checks that the DigestInfo in the command data field is not longer than 40% of the length of the modulus of the signature key, otherwise the command is rejected. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-devel mailing list Gnupg-devel@... http://lists.gnupg.org/mailman/listinfo/gnupg-devel