On 5/11/21 3:49 PM, Dimitry Sibiryakov wrote:
11.05.2021 14:39, Mark Rotteveel wrote:
On 2021-05-11 11:51, Alex Peshkoff via Firebird-devel wrote:
That may work only for very short (like in a sample) 'Test message'-
for real-size messages hash is used for signing. rsa_sign just would
not work with too long argument.
Also take into an account - different people need different hashs here.
I find this extremely confusing. I would expect that is what PSS does
for you: hash the message and sign that hash, otherwise what is even
the point of the HASH parameter to RSA_SIGN?
I smell a misunderstanding here between you two...
RSA_SIGN indeed is supposed to get a message of any length, hash it
and crypt the hash thus forming the signature.
Depends upon implementation. In tomcrypt rsa_sign_hash() signs message
digests (hashes). I.e. one can't pass somethng long as input. See:
SQL> update test_rsa set encr = rsa_encrypt(K_PRV key k_pub );
Statement failed, SQLSTATE = 22023
TomCrypt library error: Invalid sized parameter.
-Encrypting using cipher RSA
where K_PRV is rather long varbinary. But:
SQL> update test_rsa set encr = rsa_encrypt(crypt_hash(K_PRV using SHA1)
key k_pub );
runs fine.
If it works somehow other way, it must be a bug.
I doubt that - sooner of all implementation detail, making use of
function a bit smarter. One can easily implement in PSQL function, which
gets a message of any length based on this one, the opposite does not work.
Using of context variables in the examples is really confusing.
Here I agree, my fault.
Tried to make an example as short as possible - looks like that's not
always good.
Main excuse - an idea to view something like signature or private key
with human eyes never used to come to my mind :)
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
