Read RFC 4055 for RSA with various hashes, OAEP, and PSS combinations.

- Tolga
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alten
> Sent: Tuesday, October 10, 2006 9:47 AM
> To: Russ Housley; cryptography@metzdowd.com
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: OpenSSL PKCS #7 supports AES & SHA-2 ?
>
> Russ,
>
> OK. I found SHA-2 in RFC 4634 (only 3 months old), which
> refers back to FIPS 180-2.
>
> But I reach a dead-end with PKCS #7 (now RFC 3852). There's
> no support for SHA-2 algorithm types (RFC 3279). Also PKCS #1
> (now RFC 3447) needs an update for SHA-2 with RSA encryption
> (OIDs, etc.).
>
> Did I miss something or do you need help in updating these,
> since I, and probably others too, need them?
>
> - Alex
>
>
> At 01:19 PM 10/9/2006 -0400, Russ Housley wrote:
> >PKCS#7 has been turned over to the IETF for maintenance. The most
> >recent version is RFC 3852. Since the protocol is more stable than the
> >cryptographic algorithms, the algorithm discussions appear in separate
> >RFCs.
> >
> >TLS 1.2 is under development in the IETF. It is being done in such a
> >way that none of the ciphersuites that have already been defined need
> >to be updated, including the ones that use AES and the SHA-2 family.
> >
> >Russ
> >
> >
> >At 01:28 AM 10/7/2006, Alex Alten wrote:
> >>After reading PKCS #1 v2 more closely and SHA-2 is not even in the
> >>specs, therefore OpenSSL PKCS #7 functions won't support SHA-2. This
> >>spec was last updated in 1998.
> >>
> >>PKCS Editor, is there a new update in progress by RSA Labs to
> >>incorporate SHA-2 and AES?
> >>
> >>Does OpenSSL implement PKCS #1 v2 or just v1.5? If the latter then
> >>not even SHA-1 is supported.
> >>
> >>PKCS editor, is there any timeline as to when PKCS #7 will then be
> >>updated with references to official OIDs, etc., for specifying SHA-2
> >>and AES?
> >>
> >>Dr. Ron Rivest, are you going to publish new message-digest IETF RFCs
> >>for SHA-1 and SHA-2? (So that they can be referenced by an updated
> >>PKCS #7.)
> >>
> >>Mr. Russ Housley, can you weigh in with what's happening in the IETF WG
> >>security area? I know that Mr. Eric Rescorla is working on a new TLS
> >>v1.2 draft. Will this be done/ratified soon? I assume OpenSSL will
> >>incorporate this soon thereafter?
> >>
> >>This mess with the MD5 and SHA-1 hashes is really starting to become
> >>a problem.
> >>It's certainly impacting new development projects/products I'm
> >>involved with using SSL and PKI certificates. My customers are
> >>concerned about using MD5 and SHA-1, and they don't want to keep
> >>paying for implementations repeatedly as the standards catch up to
> >>reality. Updating these various heavily used standards quickly is
> >>quite important.
> >>
> >>Sincerely (and thanks in advance for all of your replies),
> >>
> >>- Alex
> >>
> >>
> >>At 09:05 AM 10/6/2006 -0700, Alex Alten wrote:
> >>>Does anyone know if the OpenSSL PKCS #7 functions support AES and
> >>>SHA-2? (I'm assuming OpenSSL 0.9.7 or later.)
> >>>
> >>>Thanks,
> >>>
> >>>- Alex
>
> --
>
> Alex Alten
> Alten Security Engineering, Inc.
> [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> [EMAIL PROTECTED]