On 9/15/06, David Shaw <[EMAIL PROTECTED]> wrote:
>> GPG was not vulnerable, so no fix was issued.
>> Incidentally, GPG does not attempt to parse the
>> PKCS/ASN.1 data at all.  Instead, it generates a new
>> structure during signature verification and compares
>> it to the original.

Taral wrote:
> *That* is the Right Way To Do It. If there are
> variable parts (like hash OID, perhaps), parse them
> out, then regenerate the signature data and compare it
> byte-for-byte with the decrypted signature. Anything
> you don't understand/control that might be variable
> (e.g. options) is eliminated by this process.
> I don't think there's anything inherently wrong with
> ASN.1 DER in crypto applications.

If there are no options, you are not using ASN.1 DER.
You are using some random padding bytes that happen to
be equal to ASN.1 DER.

         James A. Donald
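The regenerate-and-compare verification that Taral describes, as an added example that is not part of this thread and not GPG's code: it works on the already RSA-decrypted PKCS#1 v1.5 block and is shown beside the parsing style of check it replaces. The supported hash names, the 1024-bit block size and the sample message are constructed assumptions.

```python
import hashlib
import hmac

# DER DigestInfo prefixes from RFC 3447 section 9.2 (the hash value follows each).
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def emsa_pkcs1_v15_encode(message: bytes, hash_name: str, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (at least eight 0xFF) || 0x00 || DigestInfo, k bytes long."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_by_regeneration(em: bytes, message: bytes, allowed_hashes=("sha256",)):
    """Regenerate the expected EM for each allowed hash and compare it byte-for-byte
    with em (the RSA-decrypted signature block). Nothing inside em is parsed.
    Returns the matching hash name, or None."""
    for name in allowed_hashes:
        expected = emsa_pkcs1_v15_encode(message, name, len(em))
        if hmac.compare_digest(em, expected):
            return name
    return None

def lenient_parse_accepts(em: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """The parsing style GPG avoided: walk the padding, find DigestInfo, check the
    hash, and never confirm that the hash ends exactly at the end of em."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    expected_t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    return em[i + 1:].startswith(expected_t)  # bug: trailing bytes are ignored

# Constructed samples for a 128-byte (1024-bit) modulus: a correct block, and one
# with a short padding string plus trailing bytes after the hash.
MESSAGE = b"example message (constructed)"
GOOD_EM = emsa_pkcs1_v15_encode(MESSAGE, "sha256", 128)
_T = DIGEST_INFO_PREFIX["sha256"] + hashlib.sha256(MESSAGE).digest()
MALFORMED_EM = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _T + b"\x00" * (128 - 11 - len(_T))
```

Because the regenerated block has exactly one valid form for a given modulus length, message and hash, any block that differs in padding length or carries extra bytes fails the comparison without the verifier needing to understand what those bytes are.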

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
