Petar Popara wrote:
I have succeeded to implement RSA encryption with PKCS1 padding. :)
But, I have one question. On RSA web site (pkcs-1v2-1.pdf), PKCS1 padding is
described like this:
EM = 0x00 || 0x02 || PS || 0x00 || M
This is specified in PKCS #1 v1.5, Section 8.1 Encryption-block
formatting.
This is what NSS's rsa_FormatOneBlock function implements. See
http://lxr.mozilla.org/security/source/security/nss/lib/softoken/rsawrapr.c#203
and ont W3C web site: http://www.w3.org/TR/xmlenc-core/#rsa-1_5
PKCS1 padding is described like this:
02 | PS* | 00 | key
Well, 0x00 at the beginning is missing. Why?
I also found this in PKCS #1 v2.0, Section 9.1.2.1 Encoding operation,
Step 3.
I believe this difference does not matter because the formatted block
is treated as a big-endian big integer by the RSA algorithm, so the
leading 00 octet is simply eight most significant 0 bits. For example,
0x00123456 is equal to 0x123456.
I suspect that this change made in PKCS #1 v2.0 confused many
people, so it was reversed in v2.1.
Wan-Teh
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
