Hi Wei Dai:

It seems to be working! Thank you for your help!

Subbu

-----Original Message-----
From: Wei Dai [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 10:57 PM
To: [EMAIL PROTECTED]
Subject: Re: ISAKMP HASH_I/HASH_R encryption with RSA Private key

Please ignore what I said in my private reply. (I didn't notice you sent a
public post as well as a private email.) That will work for the encryption,
but not the decryption. Try the attached code instead.

On Fri, Oct 15, 2004 at 12:43:06PM -1000, Mukkamala, Subbarayudu wrote:
> Hi:
> I am trying to use RSA algorithms from Crypto++ 5.2.1 library for IPSec.
>
> I need some clarification on signature generation using RSA, interpreting
> the following from IKE standard [rfc 2409] section 5.1.
>
> -------------- RFC 2409 Section 5.1---------------------------------
>    In general the signature will be over HASH_I and HASH_R as above
>    using the negotiated prf, or the HMAC version of the negotiated hash
>    function (if no prf is negotiated). However, this can be overridden
>    for construction of the signature if the signature algorithm is tied
>    to a particular hash algorithm (e.g. DSS is only defined with SHA's
>    160 bit output). In this case, the signature will be over HASH_I and
>    HASH_R as above, except using the HMAC version of the hash algorithm
>    associated with the signature method. The negotiated prf and hash
>    function would continue to be used for all other prescribed pseudo-
>    random functions.
>
>    Since the hash algorithm used is already known there is no need to
>    encode its OID into the signature. In addition, there is no binding
>    between the OIDs used for RSA signatures in PKCS #1 and those used in
>    this document. Therefore, RSA signatures MUST be encoded as a private
>    key encryption in PKCS #1 format and not as a signature in PKCS #1
>    format (which includes the OID of the hash algorithm). DSS signatures
>    MUST be encoded as r followed by s.
> -------------- RFC 2409 Section 5.1---------------------------------
>
> I see the above to do the following steps:
> See at http://www.netsys.com/ipsec/1998/msg00347.html
>
> - ISAKMP produces HASH_I/HASH_R however it wishes
>
> - the hash is used as input data for encryption with the RSA private key,
>   with padding as required by the RSA algorithm
>
> - the (key bits) of encryption output is passed over the wire as the
>   signature
>
> As I see RSA encryption algorithm of Crypto++ usually takes only public
> key, NOT private key except in case of RSA Signature generation.
>
> But as the spec indicates that we can not use RSA signature provided by
> Crypto++ as it encodes OID of algorithm. Can you tell how to encrypt
> HASH_I/HASH_R with RSA private key using Crypto++?
>
> Please let me know.
>
> Thank You
> Subbu
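
The encoding that RFC 2409 section 5.1 asks for, as an added example that is not part of the original thread and is not the code Wei Dai attached: it uses plain Python integers rather than Crypto++ to show the PKCS #1 type 1 block over the bare hash next to the regular PKCS #1 signature encoding that carries the hash OID. The function names, the toy key (two Mersenne primes, trivially factorable) and the HASH_I value are constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy key for illustration only: p and q are the Mersenne primes
# 2^521-1 and 2^607-1, so the modulus is trivially factorable. Never use it.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-1 (RFC 8017 section 9.2). A PKCS #1
# *signature* puts this before the hash; the IKE encoding omits it.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def pad_type1(data: bytes) -> bytes:
    """PKCS #1 v1.5 block type 1: 00 01 FF..FF 00 || data (>= 8 FF bytes)."""
    if len(data) > K - 11:
        raise ValueError("data too long for modulus")
    return b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data

def ike_sign(hash_value: bytes) -> bytes:
    """Private-key operation over the bare hash, as RFC 2409 5.1 requires."""
    m = int.from_bytes(pad_type1(hash_value), "big")
    return pow(m, D, N).to_bytes(K, "big")

def pkcs1_sign(hash_value: bytes) -> bytes:
    """Regular PKCS #1 v1.5 signature encoding, shown for contrast."""
    m = int.from_bytes(pad_type1(SHA1_DIGESTINFO + hash_value), "big")
    return pow(m, D, N).to_bytes(K, "big")

def ike_recover(signature: bytes) -> bytes:
    """Public-key operation plus strict padding check; returns the hash."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        raise ValueError("bad signature length or range")
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad PKCS #1 type 1 padding")
    return em[sep + 1:]

def ike_verify(signature: bytes, expected_hash: bytes) -> bool:
    """Compare the recovered block with the locally computed HASH_I/HASH_R."""
    try:
        return hmac.compare_digest(ike_recover(signature), expected_hash)
    except ValueError:
        return False

# Constructed stand-in for HASH_I (the real value is a prf output).
HASH_I = hashlib.sha1(b"constructed HASH_I input").digest()
```

A peer that expects the bare hash rejects the output of `pkcs1_sign`, because the recovered block is the 15-byte DigestInfo prefix followed by the hash rather than the hash alone.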
