ISAKMP HASH_I/HASH_R encryption with RSA Private key

Fri, 15 Oct 2004 15:44:03 -0700

Title: ISAKMP HASH_I/HASH_R encryption with RSA Private key

Hi:
I am trying to use RSA algorithms from Crypto ++ 5.2.1 library for IPSec.

I need some clarification on signature generation using RSA, interpreting the following from IKE standard [rfc 2409] section 5.1.

-------------- RFC 2409 Section 5.1---------------------------------
   In general the signature will be over HASH_I and HASH_R as above
   using the negotiated prf, or the HMAC version of the negotiated hash
   function (if no prf is negotiated). However, this can be overridden
   for construction of the signature if the signature algorithm is tied
   to a particular hash algorithm (e.g. DSS is only defined with SHA's
   160 bit output). In this case, the signature will be over HASH_I and
   HASH_R as above, except using the HMAC version of the hash algorithm
   associated with the signature method.  The negotiated prf and hash
   function would continue to be used for all other prescribed pseudo-
   random functions.

   Since the hash algorithm used is already known there is no need to
   encode its OID into the signature. In addition, there is no binding
   between the OIDs used for RSA signatures in PKCS #1 and those used in
   this document. Therefore, RSA signatures MUST be encoded as a private
   key encryption in PKCS #1 format and not as a signature in PKCS #1
   format (which includes the OID of the hash algorithm). DSS signatures
   MUST be encoded as r followed by s.
-------------- RFC 2409 Section 5.1---------------------------------

I See the above to do the followign steps: See at http://www.netsys.com/ipsec/1998/msg00347.html

  - ISAKMP produces HASH_I/HASH_R however it wishes

  - the hash is used as input data for encryption with the RSA private key, with padding as     required by the RSA algorithm

  - the (key bits) of encryption output is passed over the wire as the signature

As I see RSA encryption algorithm of Crypto++  usually takes only public key, NOT private key except in case of RSA Signature generation.

But as the spec indicates that we can not use RSA signature provided by Crypto++ as it encodes OID os algorithm Can you tell how to encrypt HASH_I/HASH_R with  RSA private key using Crypto++?

Please let me know.

Thank You
Subbu


Reply via email to