I am implementing software for reader of ICAO-compliant e-Passport. In this document http://www.csca-si.gov.si/TR-PKI_mrtds_ICC_read-only_access_v1_1.pdf specified procedure Active Authentication and some its requirements. Active Authentication is procedure described in ISO/IEC 9796-2, Digital signature scheme 1.
Document above gives recommendations for key's size. If you look from page 23 then you see that recommendations are given for Active Authentication's keys with RSA, DSA and ECDSA. On 22 окт, 14:14, "Wei Dai" <[email protected]> wrote: > After looking at that standard, I don't think you're supposed to use it with > DSA or ECDSA, but only with RSA or RW. Also, it's not secure. > Seehttp://eprint.iacr.org/2009/203.pdf. > > Why do you have to implement this? > > -------------------------------------------------- > From: "Alexei" <[email protected]> > Sent: Thursday, October 22, 2009 3:01 AM > To: "Crypto++ Users" <[email protected]> > Subject: Re: Get MessageRepresentative from signature > > > > > > > ISO/IEC FDIS 9796-2 draft you can take for a free > >http://isotctest.iso.org/livelink/livelink/4459194/SC27N3032_Text_for... > > In this document verification scheme is described correctly. > > > Yes, it is signature scheme with message recovery. To verify signature > > the following steps should be performed: > > 1. Decrypt signature(get MessageRepresentative). Message > > representative in Digital signature scheme 1 consists of [Start byte | > > recoverable part of Message | hash(Message) | trailing byte(s)] > > 2. Construct Message* = [recoverable part of Message | non-recoverable > > part of Message] > > 3. Check that hash(Message) from signature is equal to hash(Message*). > > > In Internet I have seen only once that somebody had the same problem > >http://www.groupsrv.com/science/about117544.html > > > On 22 окт, 12:28, "Wei Dai" <[email protected]> wrote: > >> I'm not familiar with ISO/IEC FDIS 9796-2, and I can't find much > >> information > >> about it (without paying to buy the standard). Is it some kind of > >> signature > >> scheme with message recovery (SSR)? I never really finished implementing > >> support for discrete log-based SSR in Crypto++ (and nobody has complained > >> about that before), so the only way to do it is to write your own code > >> directly on top of the Integer and elliptic curve classes. You can try to > >> reuse DL_Algorithm_GDSA in gfpcrypt.h, or copy the code out and build on > >> top > >> of that. > > >> Or, if you want to try to finish the DL SSR framework in Crypto++, take a > >> look at DL_VerifierBase::RecoverAndRestart() in pubkey.h. But unlike with > >> RSA, message recovery with discrete log based schemes is complicated and > >> ultimately kind of pointless. > > >> -------------------------------------------------- > >> From: "Alexei" <[email protected]> > >> Sent: Thursday, October 22, 2009 12:53 AM > >> To: "Crypto++ Users" <[email protected]> > >> Subject: Get MessageRepresentative from signature > > >> > Hello! > > >> > I am implementing Digital signature scheme 1 described in ISO/IEC FDIS > >> > 9796-2. I have signature in binary form and public key. > >> > I know, how to get MessageRepresentative in case of RSA: call member > >> > ApplyFunction(...) of CryptoPP::RSA::PublicKey-object. > >> > But I don't know how to get MessageRepresentative in case of DSA and > >> > ECDSA... What I should do? Is their any general way to get > >> > MessageRepresentative independent on type of public key?- Скрыть > >> > цитируемый текст - > > >> - Показать цитируемый текст -- Скрыть цитируемый текст - > > - Показать цитируемый текст - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
