during the preparation of the self-test patch for pkcs1pad, I noticed the 
following strange behavior:

I set an RSA private key with e=0x10001 to generate a signature. This 
generation process was successful and the expected signature was generated. 
Now, when using the very same TFM with the already set private key and perform 
a signature verification on the previously generated signature failed.

After some experiments, I found that I had to set e=0x0000000 ... 10001 where 
the size of e is equal to the size of n. Still, signature generation passed. 
And now, using the same TFM with the set private key, the signature 
verification passed too.

How come that there is a dissimilar handling of e regarding signature 
generation and verification?


Reply via email to