Re: [Users] Confused about RSA signatures

From: Daniel Djamaludin (danield_at_snapgear.com)
Date: Tue Jan 07 2003 - 07:40:26 CET

• Next message: Julio Saura Alejandre: "Re: [VF][Users] VPN error"
• Previous message: Sam Sgro: "Re: [Users] lack of klips in the kernel"
• In reply to: D. Hugh Redelmeier: "Re: [Users] Confused about RSA signatures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Hugh,

Thanks very much for responding. I actually felt quite foolish since I
looked in the exact same file you suggested and found the answer to my
question - after I had just sent the email to the list and having spent
some time looking (oviously not hard enough). I was wondering since one
of our customers was interested in exactly what RSA algorithm was used.
We use freeswan in the VPN firewall routers that SnapGear makes. Thanks
very much for your time.

Regards,
Daniel Djamaludin

D. Hugh Redelmeier wrote:

>| From: Daniel Djamaludin <danield_at_snapgear.com>
>
>| I was wondering if freeswan used RSAES-OAEP and/or RSAES-PKCS1-V1.5.
>| I've had a look at the old postings by D. Hugh Redelmeier a few years
>| ago, but I couldn't ascertain which was used in the end
>| (http://www.sandelman.ottawa.on.ca/linux-ipsec/html/1999/11/msg00389.html).
>| Does anybody know please? And is RSA-PSS used as well?
>
>Why are you wondering? Are you planning on writing a different IKE?
>
>You can tell by reading the code. Look in
> freeswan/programs/pluto/ipsec_doi.c:RSA_sign_hash()
>
>
>/* Create an RSA signature of a hash.
> * Poorly specified in draft-ietf-ipsec-ike-01.txt 6.1.1.2.
> * Use PKCS#1 version 1.5 encryption of hash (called
> * RSAES-PKCS1-V1_5) in PKCS#2.
> */
>static size_t
>RSA_sign_hash(struct connection *c
>, u_char sig_val[RSA_MAX_OCTETS]
>, const u_char *hash_val, size_t hash_len)
>
>RSA-PSS isn't used.
>
>Hugh Redelmeier
>hugh_at_mimosa.com voice: +1 416 482-8253
>
>_______________________________________________
>Users mailing list
>Users_at_lists.freeswan.org
>http://lists.freeswan.org/mailman/listinfo/users
>
>
>
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Djamaludin - Software Engineer     EMAIL: danield_at_snapgear.com
SnapGear Inc.                             PHONE: +61 7 34352888
825 Stanley St Woolloongabba              FAX:   +61 7 38913630
Brisbane, QLD, 4102, Australia            WEB:   www.SnapGear.com
SnapGear - Custom Embedded Solutions and Security Appliances
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Julio Saura Alejandre: "Re: [VF][Users] VPN error"
• Previous message: Sam Sgro: "Re: [Users] lack of klips in the kernel"
• In reply to: D. Hugh Redelmeier: "Re: [Users] Confused about RSA signatures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Wed Jan 08 2003 - 05:21:17 CET