Yes, Cryptopp supports the NIST approved hash codes of SHA-256 and others SHA2 based hashes. When used alone, these are NIST/FIPS approved. However, in its RSA digital signature functions, it uses SHA1 which is no longer a NIST approved hash code method. Thus the reason for my question.
v 5.2.3 >From rsa.h <snip> // The three RSA signature schemes defined in PKCS #1 v2.0 typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer; typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier; typedef RSASS<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer; typedef RSASS<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier; typedef RSASS<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer; typedef RSASS<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier; </snip> If I modify cryptopp to use SHA2 hash code in its RSA signature then I lose FIPS since I need to recompile the DLL. If I use the RSA signatures as implemented in the DLL, I do not have FIPS compliance either, if I understand the NIST web site correctly. I was just looking for clarification on this from somebody who is familar with NIST, FIPS and digital signatures. On Sep 10, 2:06 pm, Robert Roessler <[EMAIL PROTECTED]> wrote: > ol'fogey wrote: > > ... > >>Fromhttp://csrc.nist.gov/CryptoToolkit/tkdigsigs.htmlthere are only > > 3 approved functions to generate a digital signature. The caveat > > appears to be that the method chosen must use an approved hash code > > function, as listed onhttp://csrc.nist.gov/CryptoToolkit/tkhash.html > > When I cross reference the approved hash code functions with the hash > > code functions used by Cryptopp, there is no match. So does this mean > > that the digital signatures in Cryptopp are no not FIPS approved? If > > so, could I make the signature myself by creating a hash code of the > > file via an approved method like SHA-256 and then using RSA to encrypt > > that hash code to create a signature? Can somebody shed some light on > > this for me or point me in the right direction with some links? > > Crypto++ does indeed support the [approved] SHA-2 family of hashes, as > shown on the first pages of both the site and reference manual... so > what was the question? :) > > Robert Roessler > [EMAIL PROTECTED]://www.rftp.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [EMAIL PROTECTED] More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
