On Sat, 26 Jan 2013, ianG wrote:
Apologies in advance ;) but a cryptography question:
I'm coding (or have coded) a digital signature class in RSA. In my research
on how to frame the input to the RSA private key operation, I was told words
to effect "just use OAEP and you're done and dusted." Which was convenient as
that was already available/coded.
However I haven't seen any other code doing this - it is mostly PKCS1, etc,
and RFC3447 doesn't enlighten in this direction.
Could OAEP be considered reasonable for signatures? or is this a case of
totally inappropriate? Or somewhere in between?
iang
The following paper seems relevant here:
"Versatile Padding Schemes for Joint Signature and Encryption," Dodis et
al., ACM CCCS 2004.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
