[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changing signature algorithm
I thinks its one of the misuses of CMS in packet-cable. Its really
rsa-with-sha1, but it say in the AlgoritmIdentifier its bare-rsa.
Just checked the old code that supported packet-cable.
If you try the trunk I just added code for support of this. The
testcase test_cms exersices this code, specificly:
hxtool cms-create-sd --peer-alg=1.2.840.1135188.8.131.52 --
certificate=FILE:cert.pem in-file out-file
Basicly it allocates an hx509_peer_info() and say that the client
only supports rsa and not rsa-with-sha1.
It needs adaption to the current pk-init code, but that shouldn't be
Can you check if that solves your problem ?
6 jun 2007 kl. 10.15 skrev Tom Hansen:
> Yes. This is a packetcable requirement that singerInfos have a
> digestAlgo of sha1 and signatureAlgo of RSA. The function
> rsa_create_signature() only supports RSAwithSHA1. Modifying it for
> RSA results in recursive loop. It's not clear to me why this is.
> ----- Original Message ----
> From: Love Hörnquist Åstrand <firstname.lastname@example.org>
> To: email@example.com; firstname.lastname@example.org
> Sent: Tuesday, June 5, 2007 11:49:04 PM
> Subject: Re: Changing signature algorithm
> > I'm trying some changes to pkinit and wanting to understand the
> > piece of code
> > below. Specifically I want to change the signature algorithm from
> > RSA with SHA1
> > to just RSA. Doing so fails since lib/hx509/crypto.c:
> > rsa_create_signature()
> > does not support it. Why?
> RSA on non-digests is not very common, already done the digest ?
> Shape Yahoo! in your own image. Join our Network Research Panel today!