Support for PKCS#1 v1.5 signatures (RFC3447)
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Python-Crypto | Fix Released | Wishlist | Unassigned | |
Bug Description
This patch adds support for PKCS#1 v1.5 signatures.
The sign() and verify() methods for an RSA key object
are extended to accept an optional 'protocol' parameter,
to specify how the signature should be carried out.
The default value is 'raw' (or 'schoolbook') which is
still the original algorithm. Since 'protocol' is optional
there should be no backward compatibility problems.
The 'protocol' associated with PKCS#1 v1.5 is either 'PKCS1',
'PKCS1-1.5', or 'RSA/PKCS1-1.5'. Since such protocol
embeds the OID of the hash used, I have also modified
each available hash algorithm so that each hash object has got
an appropriate 'oid' string attribute, that will be retrieved
by the sign() method.
I guess that in the future we may add other protocols in
the same way, by picking intuitive strings (e.g. 'PKCS1-PSS', 'X9.31', etc.).
The verification code is not subject to Bleichenbacher's
(http://
and OKW's (http://
attacks.
Typical usage is the following:

```python
import Crypto.Hash.SHA
import Crypto.
message = "Test"
hash = SHA.new()
hash.update(message)
signature = k.sign(hash, None, 'PKCS1')[0]
# [... at the other end ...]
messageReceived = "Test"
hash = SHA.new()
hash.update(messageReceived)
auth = k.verify(hash, signatureReceived)
```
I forgot to add that this patch uses the DER routines from the previous one,
to make up the necessary DigestInfo structure, but in theory they could be
decoupled.
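Added example, not the patch's or PyCrypto's code: it builds the DER DigestInfo from the hash OID the way the report describes, pads it per EMSA-PKCS1-v1_5, and verifies by re-encoding and comparing the whole block rather than parsing it, which is what keeps verification out of reach of Bleichenbacher-style forgeries. The RSA key is a constructed demo key (Mersenne primes, so p and q are certainly prime without a prime search) and all helper names are assumptions.

```python
import hashlib
import hmac
# Hash OIDs, the counterpart of the 'oid' attribute the patch adds to each hash object.
HASH_OID = {"sha1": "1.3.14.3.2.26", "sha256": "2.16.840.1.101.3.4.2.1"}

def der_tlv(tag, body):
    # Short-form length is enough: a DigestInfo is always well under 128 bytes.
    return bytes([tag, len(body)]) + body

def der_oid(dotted):
    # First two arcs are packed into one byte, the rest are base-128 with continuation bits.
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def digest_info(hash_name, digest):
    # DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING }
    alg_id = der_tlv(0x30, der_oid(HASH_OID[hash_name]) + b"\x05\x00")
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))

def emsa_pkcs1_v15_encode(hash_name, message, em_len):
    # EM = 0x00 || 0x01 || PS (at least eight 0xff bytes) || 0x00 || DigestInfo
    t = digest_info(hash_name, hashlib.new(hash_name, message).digest())
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

# Constructed demo key (known Mersenne primes, unequal sizes): unsafe for real use, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in octets

def sign(message, hash_name="sha1"):
    em = emsa_pkcs1_v15_encode(hash_name, message, K)
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify(message, signature, hash_name="sha1"):
    # Recompute EM and compare all of it (RFC 3447 8.2.2) instead of parsing the decrypted block.
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(hash_name, message, K))
```

A signature over "Test" with the SHA-1 DigestInfo verifies, while a tampered message, a wrong hash name or a truncated signature all fail.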