Hello, > > Server decrypts this packet with client certificate, calculates its own > > hash, compares this two hashes and accepts client authentication or not. > > It is not way how DSA/ECDSA signatures work. > If we are talking about RSA, we can talk about decrypting. > But in El-Gamal style algorithms (DSA, ECDSA, GOST R 34.10) there is no > way to "decrypt" signature and obtain original hash from signature. > We can verify signature, i.e. take hash and public key from certificate, > and check whether > signature was computed from same hash and corresponding private key. Of course, this is why for DSA and ECDSA calculated hash is 20 bytes length (SHA1). For this algorithms standard DSA/ECDSA procedure is performed. Of course bigger hash data may be used for DSA when new DSA/ECDSA parameters are generated (second prime of size equal to new hash size) or hash is truncated to 20 bytes.(but accoring to FIPS SHA1 is standard).
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
