I'm pretty sure there's an error or misunderstanding on someone's part. Part of the title of ISO/IEC FDIS 9796-2 is "Part 2: Integer factorisation based mechanisms" and DSA/ECDSA are not factorisation based!
Also, if you look at section 3.3.2 of that ICAO document, it says that for RSA you should use RSASSA-PSS, which is different from ISO/IEC FDIS 9796-2's Digital Signature Scheme 1. I don't have time to read through this document and figure out what is going on. Can you ask someone who is more familiar with this standard (maybe its authors?). -------------------------------------------------- From: "Alexei" <[email protected]> Sent: Thursday, October 22, 2009 3:57 AM To: "Crypto++ Users" <[email protected]> Subject: Re: Get MessageRepresentative from signature > > I am implementing software for reader of ICAO-compliant e-Passport. In > this document > http://www.csca-si.gov.si/TR-PKI_mrtds_ICC_read-only_access_v1_1.pdf > specified procedure Active Authentication and some its requirements. > Active Authentication is procedure described in ISO/IEC 9796-2, > Digital signature scheme 1. > > Document above gives recommendations for key's size. If you look from > page 23 then you see that recommendations are given for Active > Authentication's keys with RSA, DSA and ECDSA. > > On 22 окт, 14:14, "Wei Dai" <[email protected]> wrote: >> After looking at that standard, I don't think you're supposed to use it >> with >> DSA or ECDSA, but only with RSA or RW. Also, it's not secure. >> Seehttp://eprint.iacr.org/2009/203.pdf. >> >> Why do you have to implement this? >> >> -------------------------------------------------- >> From: "Alexei" <[email protected]> >> Sent: Thursday, October 22, 2009 3:01 AM >> To: "Crypto++ Users" <[email protected]> >> Subject: Re: Get MessageRepresentative from signature >> >> >> >> >> >> > ISO/IEC FDIS 9796-2 draft you can take for a free >> >http://isotctest.iso.org/livelink/livelink/4459194/SC27N3032_Text_for... >> > In this document verification scheme is described correctly. >> >> > Yes, it is signature scheme with message recovery. To verify signature >> > the following steps should be performed: >> > 1. Decrypt signature(get MessageRepresentative). Message >> > representative in Digital signature scheme 1 consists of [Start byte | >> > recoverable part of Message | hash(Message) | trailing byte(s)] >> > 2. Construct Message* = [recoverable part of Message | non-recoverable >> > part of Message] >> > 3. Check that hash(Message) from signature is equal to hash(Message*). >> >> > In Internet I have seen only once that somebody had the same problem >> >http://www.groupsrv.com/science/about117544.html >> >> > On 22 окт, 12:28, "Wei Dai" <[email protected]> wrote: >> >> I'm not familiar with ISO/IEC FDIS 9796-2, and I can't find much >> >> information >> >> about it (without paying to buy the standard). Is it some kind of >> >> signature >> >> scheme with message recovery (SSR)? I never really finished >> >> implementing >> >> support for discrete log-based SSR in Crypto++ (and nobody has >> >> complained >> >> about that before), so the only way to do it is to write your own code >> >> directly on top of the Integer and elliptic curve classes. You can try >> >> to >> >> reuse DL_Algorithm_GDSA in gfpcrypt.h, or copy the code out and build >> >> on >> >> top >> >> of that. >> >> >> Or, if you want to try to finish the DL SSR framework in Crypto++, >> >> take a >> >> look at DL_VerifierBase::RecoverAndRestart() in pubkey.h. But unlike >> >> with >> >> RSA, message recovery with discrete log based schemes is complicated >> >> and >> >> ultimately kind of pointless. >> >> >> -------------------------------------------------- >> >> From: "Alexei" <[email protected]> >> >> Sent: Thursday, October 22, 2009 12:53 AM >> >> To: "Crypto++ Users" <[email protected]> >> >> Subject: Get MessageRepresentative from signature >> >> >> > Hello! >> >> >> > I am implementing Digital signature scheme 1 described in ISO/IEC >> >> > FDIS >> >> > 9796-2. I have signature in binary form and public key. >> >> > I know, how to get MessageRepresentative in case of RSA: call member >> >> > ApplyFunction(...) of CryptoPP::RSA::PublicKey-object. >> >> > But I don't know how to get MessageRepresentative in case of DSA and >> >> > ECDSA... What I should do? Is their any general way to get >> >> > MessageRepresentative independent on type of public key?- Скрыть >> >> > цитируемый текст - >> >> >> - Показать цитируемый текст -- Скрыть цитируемый текст - >> >> - Показать цитируемый текст - > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
