D'oh! Why didn't I see that? Thank you very much. I made my own typedefs external to cryptopp and tried using SHA256. Worked perfectly. Now to get the Win CE side up and running... Too bad there isn't a Win CE version of Cryptopp already validated I could use...
On Sep 10, 3:00 pm, "Wei Dai" <[EMAIL PROTECTED]> wrote:
> Those typedefs are for backwards compatibility with older versions of
> Crypto++. You can use the templates directly and substitute SHA256 for SHA,
> for example.
>
> ----- Original Message -----
> From: "ol'fogey" <[EMAIL PROTECTED]>
> To: "Crypto++ Users" <[EMAIL PROTECTED]>
> Sent: Monday, September 10, 2007 12:54 PM
> Subject: Re: NIST FIPS Approved using Cryptopp
>
> > Yes, Cryptopp supports the NIST approved hash codes of SHA-256 and
> > other SHA2 based hashes. When used alone, these are NIST/FIPS
> > approved. However, in its RSA digital signature functions, it uses
> > SHA1 which is no longer a NIST approved hash code method. Thus the
> > reason for my question.
> >
> > v 5.2.3
> > From rsa.h
> > <snip>
> >
> > // The three RSA signature schemes defined in PKCS #1 v2.0
> > typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer;
> > typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
> >
> > typedef RSASS<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer;
> > typedef RSASS<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier;
> >
> > typedef RSASS<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer;
> > typedef RSASS<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier;
> >
> > </snip>
> >
> > If I modify cryptopp to use SHA2 hash code in its RSA signature then I
> > lose FIPS since I need to recompile the DLL. If I use the RSA
> > signatures as implemented in the DLL, I do not have FIPS compliance
> > either, if I understand the NIST web site correctly. I was just
> > looking for clarification on this from somebody who is familiar with
> > NIST, FIPS and digital signatures.
> >
> > On Sep 10, 2:06 pm, Robert Roessler <[EMAIL PROTECTED]> wrote:
> >> ol'fogey wrote:
> >> > ...
> >> > From http://csrc.nist.gov/CryptoToolkit/tkdigsigs.html there are only
> >> > 3 approved functions to generate a digital signature. The caveat
> >> > appears to be that the method chosen must use an approved hash code
> >> > function, as listed on http://csrc.nist.gov/CryptoToolkit/tkhash.html
> >> > When I cross reference the approved hash code functions with the hash
> >> > code functions used by Cryptopp, there is no match. So does this mean
> >> > that the digital signatures in Cryptopp are not FIPS approved? If
> >> > so, could I make the signature myself by creating a hash code of the
> >> > file via an approved method like SHA-256 and then using RSA to encrypt
> >> > that hash code to create a signature? Can somebody shed some light on
> >> > this for me or point me in the right direction with some links?
> >>
> >> Crypto++ does indeed support the [approved] SHA-2 family of hashes, as
> >> shown on the first pages of both the site and reference manual... so
> >> what was the question? :)
> >>
> >> Robert Roessler
> >> [EMAIL PROTECTED]
> >> http://www.rftp.com
