On Thu, Feb 17, 2011 at 12:10, Jeffrey Walton <[email protected]> wrote:
>
> I'm not sure that it is incorrect - maybe just non-standard??? It's
> probably easiest to call the RSA decrypt function on the cipher text
> (i.e., the hash) yourself. http://www.cryptopp.com/wiki/Raw_rsa
>

Be *very* careful if you do this. It's an approach that invites serious, security-relevant errors. It sounds easy when you describe it, but I've seen extremely smart developers get this wrong in ways that led to acceptance of forged signatures. MFSA 2006-60[1] is a good public example of a prominent case.

It also marries your code pretty tightly to RSA, which may or may not be an issue for you.

Geoff

[1] http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
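
The check that follows a raw RSA public-key operation is where hand-rolled verification tends to go wrong, so here is an added example (not code from this thread or from Crypto++) that puts a strict PKCS#1 v1.5 block comparison beside an error-prone parsing check. It assumes SHA-256 and that `recovered` is the raw RSA output left-padded to the modulus length; all function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>
using Bytes = std::vector<uint8_t>;

// DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
static const Bytes kPrefix = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
                              0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};

// The single valid block: 00 01 FF..FF 00 || prefix || digest. Empty = bad input.
Bytes ExpectedBlock(const Bytes& digest, size_t modulus_len) {
    const size_t t_len = kPrefix.size() + digest.size();
    if (digest.size() != 32 || modulus_len < t_len + 11) return {};
    Bytes em(modulus_len, 0xff);
    em[0] = 0x00; em[1] = 0x01;
    em[modulus_len - t_len - 1] = 0x00;  // separator between padding and DigestInfo
    std::copy(kPrefix.begin(), kPrefix.end(), em.end() - t_len);
    std::copy(digest.begin(), digest.end(), em.end() - digest.size());
    return em;
}

// Strict check: rebuild the expected block and compare every byte; no parsing.
bool StrictCheck(const Bytes& recovered, const Bytes& digest, size_t modulus_len) {
    const Bytes expected = ExpectedBlock(digest, modulus_len);
    if (expected.empty() || recovered.size() != expected.size()) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < expected.size(); ++i) diff |= static_cast<uint8_t>(recovered[i] ^ expected[i]);
    return diff == 0;
}

// Error-prone pattern: skip padding, read the digest where the scan stops, ignore the rest.
bool LaxCheck(const Bytes& recovered, const Bytes& digest) {
    if (recovered.size() < 3 || recovered[0] != 0x00 || recovered[1] != 0x01) return false;
    size_t i = 2;
    while (i < recovered.size() && recovered[i] == 0xff) ++i;
    if (i >= recovered.size() || recovered[i++] != 0x00) return false;
    if (recovered.size() - i < kPrefix.size() + digest.size()) return false;
    return std::equal(kPrefix.begin(), kPrefix.end(), recovered.begin() + i) &&
           std::equal(digest.begin(), digest.end(), recovered.begin() + i + kPrefix.size());
}

// Constructed malformed block: short padding, digest early, filler bytes after it.
Bytes MalformedSample(const Bytes& digest, size_t modulus_len) {
    Bytes em = {0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00};
    em.insert(em.end(), kPrefix.begin(), kPrefix.end());
    em.insert(em.end(), digest.begin(), digest.end());
    em.resize(modulus_len, 0xaa);  // trailing filler a strict verifier must reject
    return em;
}
```

For a constructed 32-byte digest and a 256-byte modulus, `LaxCheck` accepts the output of `MalformedSample` while `StrictCheck` rejects it; both accept the output of `ExpectedBlock`.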
