Is there any advantage in using the openssl function "RSA_sign" for RSA-based digital signatures of a block of raw data, compared to simply doing it manually by generating a SHA1 hash (fingerprint) of that data, and encrypting it with the RSA private key encryption "RSA_private_encrypt"? Both methods would appear to meet legal requirements of digital signatures in many countries (including the US).

In addition, if the RSA+SHA1 method is okay, I would like to add additional information to the digital signature, including a time stamp, reference number, etc. Is it okay to append that information to the SHA1 hash as plain (unencrypted) data, and RSA private key encrypt everything (hash + info)?

I heard that RSA is susceptible to plain text attacks, in that if some of the RSA-encrypted data is known, it is easier to get the rest of the data, and that is why RSA is typically used for hashes and random session keys, which are hard to guess. But if this is true, does it also apply to RSA private key encryption? In other words, if I often RSA private key encrypt the same hash with different info, or different hashes with the same info, would it make it easier for a hacker to use that in a plain text attack to forge a digital signature by faking RSA private key encryption?

And lastly, a SHA1 hash is only 20 bytes long; even if we add 8 bytes for info like time stamp, reference number, etc., we only have 28 bytes total. RSA encryption with a 1024 bit RSA key works on blocks of 128 bytes, so we have (100 == 128 - 20 - 8) unused bytes. Is it safe to use PKCS1 padding for these remaining 100 bytes, or will this also be vulnerable to plain text attacks? Also, having to store 128 bytes per digital signature, which really only contains 28 bytes of data, seems to be inefficient. Can the signature be shrunk to something closer to 28 bytes in size without reducing security by decreasing the RSA key size or making the signatures more susceptible to forgery (maybe with a plain text attack)?

Thank you in advance.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
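
An added example, not part of the original post and not OpenSSL code: the byte layout of the 128-byte block that reaches the RSA private-key operation under PKCS#1 v1.5 type 1 padding. It compares the three payloads the question mentions: the SHA-1 hash wrapped in the DER DigestInfo that RSA_sign adds, the bare hash, and the hash plus 8 info bytes. No RSA operation is performed; the message, the info bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac

K = 128  # block size in bytes for a 1024-bit modulus, as in the post

# DER DigestInfo prefix for SHA-1 (RFC 8017, section 9.2, note 1), 15 bytes.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def type1_block(payload: bytes, k: int = K) -> bytes:
    """Build 00 01 FF..FF 00 || payload, exactly k bytes long."""
    ps_len = k - 3 - len(payload)
    if ps_len < 8:  # PKCS#1 v1.5 requires at least 8 padding bytes
        raise ValueError("payload too long for this modulus")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + payload


def parse_type1_block(block: bytes) -> bytes:
    """Strictly parse a type 1 block and return its payload."""
    if block[:2] != b"\x00\x01":
        raise ValueError("bad header")
    sep = block.index(b"\x00", 2)  # first zero byte ends the FF run
    ps = block[2:sep]
    if len(ps) < 8 or ps.strip(b"\xff"):
        raise ValueError("bad padding string")
    return block[sep + 1:]


def ps_len(block: bytes) -> int:
    """Number of FF padding bytes in a well-formed block."""
    return len(block) - 3 - len(parse_type1_block(block))


def verify_block(block: bytes, message: bytes) -> bool:
    """Verifier side: rebuild the expected DigestInfo block and compare."""
    digest = hashlib.sha1(message).digest()
    expected = type1_block(SHA1_DIGESTINFO + digest, len(block))
    return hmac.compare_digest(block, expected)


MESSAGE = b"constructed sample data"           # constructed input
INFO = b"\x00\x00\x00\x01\x5f\x00\x00\x2a"     # constructed 8 info bytes
DIGEST = hashlib.sha1(MESSAGE).digest()

WITH_DIGESTINFO = type1_block(SHA1_DIGESTINFO + DIGEST)  # RSA_sign layout
BARE_HASH = type1_block(DIGEST)                          # manual hash only
HASH_PLUS_INFO = type1_block(DIGEST + INFO)              # manual hash + info

if __name__ == "__main__":
    for name in ("WITH_DIGESTINFO", "BARE_HASH", "HASH_PLUS_INFO"):
        blk = globals()[name]
        print(name, "FF bytes:", ps_len(blk), "verifies:", verify_block(blk, MESSAGE))
```

A verifier that expects the DigestInfo layout rejects the two manual layouts, and because of the three fixed framing bytes the 28-byte payload leaves 97 padding bytes rather than 100.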