[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'
On Mon, Dec 1, 2014 at 9:30 AM, Ian Goldberg <iang@xxxxxxxxxxxxxxx> wrote:
> On Mon, Dec 01, 2014 at 09:14:03AM -0500, Nick Mathewson wrote:
>> Then how about specifying something like this for the RSA-signed part
>> (in place of the SHA1):
>> [fixed string] 8 bytes
>> [SHA512 signature] 32 bytes
>>
>> Where the fixed sting could be something like "HSNONTOR", and we can
>> reserve other strings for later if we actually do want to support RSA
>> signatures over SHA512.
>
> What kind of signature padding is done by the signature using the HS key
> today? I would be less wary if the *plaintext* (pre-hash) started with
> the above fixed string, and then some sensible padding mode (e.g., OAEP(+?))
> was put on top of it.
I believe Tor still uses PKCS1 padding for RSA signatures and OAEP for
RSA encryption.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev