Suppose I have a message M for which I generate an RSA-2048 digital signature as follows:
H = SHA-256(M) S = H^d mod N Assume N = p*q is properly generated and d is the RSA private key. And I verify the signature as follows: S^e mod N == H' where H' is the SHA-256 of the message to be authenticated. Assume e is the RSA public key. Since I've not used any padding then are there any flaws with the above approach? What if e = 3? What if e = 2^16+1? Your guidance is much appreciated. Thank you, Filip
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography