Wan-Teh Chang wrote:
We are working towards implementing X9.31 RSA key generation. [...] we plan to implement that in NSS, too: https://bugzilla.mozilla.org/show_bug.cgi?id=181570
Would it be an acceptable plan for you once NSS supports X9.31 RSA key generation to modify RSA PKCS#1 key generation to do nothing more than, after checking that the parameter used will generate a valid PKCS#1 key pair (ie the value of e is odd), just call X9.31 RSA key generation ?
So everybody would benefit of more stringent key component verification of X9.31 without having to change anything. It would be slower, but I believe that's quite acceptable given the implication.
_______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
