On 9/15/06, David Shaw <[EMAIL PROTECTED]> wrote:
>> GPG was not vulnerable, so no fix was issued.
>> Incidentally, GPG does not attempt to parse the
>> PKCS/ASN.1 data at all.  Instead, it generates a new
>> structure during signature verification and compares
>> it to the original.

Taral wrote:
> *That* is the Right Way To Do It. If there are
> variable parts (like hash OID, perhaps), parse them
> out, then regenerate the signature data and compare it
> byte-for-byte with the decrypted signature. Anything
> you don't understand/control that might be variable
> (e.g. options) is eliminated by this process.
>
> I don't think there's anything inherently wrong with
> ASN.1 DER in crypto applications.

If there are no options, you are not using ASN.1 DER.
You are using some random padding bytes that happen to
be equal to ASN.1 DER.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     mMZpx7gaL6S/5STlYWv0A0ZM+HqCZSD2m0ClWjxL
     4UR16e+x3Uv/VW8C0Swxx9XMPtH99PEBNIc6BzpkQ
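
The regenerate-and-compare check discussed in this thread, as an added example that is not part of the original messages and is not GPG's code. It assumes the RSA public-key operation has already produced the decrypted block, handles the variable hash OID by trying each allowed hash instead of parsing, and uses hypothetical names (`expected_block`, `verify_block`) and constructed sample data.

```python
import hashlib
import hmac
from typing import Optional

# Fixed DER DigestInfo prefixes (hash OID + NULL parameters) from PKCS #1.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def expected_block(message: bytes, hash_name: str, k: int) -> bytes:
    """Regenerate the single valid encoded block for a k-byte modulus."""
    t = DIGESTINFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def verify_block(decrypted: bytes, message: bytes, k: int) -> Optional[str]:
    """Return the name of the matching hash, or None if nothing matches.

    `decrypted` is the output of the RSA public-key operation, left-padded
    to k bytes (assumed done by the caller). No byte of it is parsed: it is
    only compared against blocks built locally from the message.
    """
    if len(decrypted) != k:
        return None
    for name in DIGESTINFO_PREFIX:
        if hmac.compare_digest(decrypted, expected_block(message, name, k)):
            return name
    return None


# Constructed samples for a 128-byte (1024-bit) modulus.
MSG = b"constructed sample message"
K = 128
GOOD = expected_block(MSG, "sha256", K)
# Same header, DigestInfo and hash, but 10 padding bytes moved after the hash.
SHIFTED = GOOD[:2] + GOOD[12:] + b"\x00" * 10

if __name__ == "__main__":
    print("good:", verify_block(GOOD, MSG, K))
    print("shifted:", verify_block(SHIFTED, MSG, K))
```

Because the comparison covers every byte of the block, padding length, DigestInfo layout and anything after the hash are all fixed by the verifier's own construction.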

---------------------------------------------------------------------
The Cryptography Mailing List