Hello,
> That means, that padding didn't solve the problem of
> known-plaintext-, chosen-plaintext-, chosen-cyphertext- or
> adaptive-chosen-plaintext-attacks? What about OAEP padding?
This padding solves some problems with signing messages.
When signing, you can not encrypt ANY text which is given
by other side.
In RSA for example if you sign (encrypt) two messages:
   c1 = RSA_sign(m1)
   c2 = RSA_sign(m2)
then:
   c = c1*c2 mod n
is equal to signing of m = m1*m2 mod n
but if you pad both messages with pkcs the probability
of getting something reasonable from m1*m2 and has
pkcs pad structure is very low.
Because of this, when verifying signed data you should
pay attention on proper message structure after decryption.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to