Peter Djalaliev wrote: > Can somebody elaborate a little more about why one is better then the > other? > > I went to the VFY_VerifyDigest code and I saw in vfy_VerifyDigest > that: > > - for signatures produced with the RSA encryption algorithm, it would > decrypt the signature using the public key and simply compare the > result to the digest given. > - for DSA and EC signtures, however, vfy_VerifyDigest would delegate > the task to PK11_Verify. > There are a couple of reasons for this.
1) VerifyDigest is using shared code that it also used by Verify. It's possible that when we call Verify we don't actually know what Hash was used, so we need to get it from the RSA signature. 2) The bigger reason is there can be multiple legal ways to encode the hash/oid combo -- with the parameters missing, or with and explicit NULL in the parameters. In these cases it's more reliable to decode the actual signature, decode the DER data, then compare the decoded hashes. If we used PK11_Verify for RSA we would have to encode the hash value, try it, and if it failed, encode the hash value with the explicti NULL and try it. This kind of complication is why it's better to call VFY_Verify rather than PK11_Verify unless you have a very specific need (like SSL validates raw RSA signatures without the DER encoded hash oid) bob > (Reference: > http://lxr.mozilla.org/security/source/security/nss/lib/cryptohi/secvfy.c#600) > > Why does vfy_VerifyDigest treat different signature algorithms > differently? Is the reason the difference between the properties of > the three signature algorithms, or is it some purely implementation > reason? Why doesn't the PKCS#11 token handle verifying RSA > signatures, too? > > Regards, > Peter > > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
