After looking at that standard, I don't think you're supposed to use it with DSA or ECDSA, but only with RSA or RW. Also, it's not secure. See http://eprint.iacr.org/2009/203.pdf.
Why do you have to implement this?

--------------------------------------------------
From: "Alexei" <[email protected]>
Sent: Thursday, October 22, 2009 3:01 AM
To: "Crypto++ Users" <[email protected]>
Subject: Re: Get MessageRepresentative from signature

> You can get the ISO/IEC FDIS 9796-2 draft for free at
> http://isotctest.iso.org/livelink/livelink/4459194/SC27N3032_Text_for_FDIS_9796-2.pdf?func=doc.Fetch&nodeid=4459194
> In this document the verification scheme is described correctly.
>
> Yes, it is a signature scheme with message recovery. To verify the signature,
> the following steps should be performed:
> 1. Decrypt the signature (get MessageRepresentative). The message
> representative in Digital signature scheme 1 consists of [Start byte |
> recoverable part of Message | hash(Message) | trailing byte(s)]
> 2. Construct Message* = [recoverable part of Message | non-recoverable
> part of Message]
> 3. Check that hash(Message) from the signature is equal to hash(Message*).
>
> On the Internet I have seen only once that somebody had the same problem:
> http://www.groupsrv.com/science/about117544.html
>
> On 22 Oct, 12:28, "Wei Dai" <[email protected]> wrote:
>> I'm not familiar with ISO/IEC FDIS 9796-2, and I can't find much information
>> about it (without paying to buy the standard). Is it some kind of signature
>> scheme with message recovery (SSR)? I never really finished implementing
>> support for discrete log-based SSR in Crypto++ (and nobody has complained
>> about that before), so the only way to do it is to write your own code
>> directly on top of the Integer and elliptic curve classes. You can try to
>> reuse DL_Algorithm_GDSA in gfpcrypt.h, or copy the code out and build on top
>> of that.
>>
>> Or, if you want to try to finish the DL SSR framework in Crypto++, take a
>> look at DL_VerifierBase::RecoverAndRestart() in pubkey.h. But unlike with
>> RSA, message recovery with discrete log based schemes is complicated and
>> ultimately kind of pointless.
>>
>> --------------------------------------------------
>> From: "Alexei" <[email protected]>
>> Sent: Thursday, October 22, 2009 12:53 AM
>> To: "Crypto++ Users" <[email protected]>
>> Subject: Get MessageRepresentative from signature
>>
>> > Hello!
>> >
>> > I am implementing Digital signature scheme 1 described in ISO/IEC FDIS
>> > 9796-2. I have the signature in binary form and the public key.
>> > I know how to get MessageRepresentative in the case of RSA: call the member
>> > ApplyFunction(...) of a CryptoPP::RSA::PublicKey object.
>> > But I don't know how to get MessageRepresentative in the case of DSA and
>> > ECDSA... What should I do? Is there any general way to get
>> > MessageRepresentative independent of the type of public key?
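The three verification steps listed in the thread, for the RSA case only, as an added example that is not part of the original messages or of Crypto++. Assumptions: the partial-recovery layout `0x6A | recoverable | hash | 0xBC` with SHA-1 as the hash, a constructed toy key far too small for real use, and hypothetical helper names (`sign`, `verify`).

```python
import hashlib

HEADER, TRAILER = 0x6A, 0xBC          # assumed: partial recovery, implicit hash id
HASH = hashlib.sha1                   # assumed hash function
HLEN = HASH().digest_size

# Constructed toy RSA key (two well-known primes); illustration only.
P, Q = 2**127 - 1, 2**130 - 5
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8         # signature length in bytes
REP_LEN = (N.bit_length() - 1) // 8   # representative length in bytes
REC_LEN = REP_LEN - HLEN - 2          # bytes of message carried in the signature


def sign(message):
    """Constructed test helper: returns (signature, non-recoverable part)."""
    if len(message) < REC_LEN:
        raise ValueError("toy example: short-message padding is not implemented")
    recoverable, rest = message[:REC_LEN], message[REC_LEN:]
    rep = bytes([HEADER]) + recoverable + HASH(message).digest() + bytes([TRAILER])
    return pow(int.from_bytes(rep, "big"), D, N).to_bytes(K, "big"), rest


def verify(signature, non_recoverable):
    """Return the full message if the signature verifies, else None."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return None
    # Step 1: public-key operation yields the message representative.
    raw = pow(s, E, N).to_bytes(K, "big")
    pad, rep = raw[:K - REP_LEN], raw[K - REP_LEN:]
    if any(pad) or rep[0] != HEADER or rep[-1] != TRAILER:
        return None
    recoverable, digest = rep[1:-1 - HLEN], rep[-1 - HLEN:-1]
    # Step 2: Message* = recoverable part | non-recoverable part.
    message = recoverable + non_recoverable
    # Step 3: the hash inside the representative must match hash(Message*).
    if HASH(message).digest() != digest:
        return None
    return message


if __name__ == "__main__":
    sig, rest = sign(b"ISO 9796-2 scheme 1 demo message")
    print(verify(sig, rest))
```
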
