On 2010-05-04 08:24 PST, Frédéric SUEL wrote: > I would like to know if RSA 2048 digital signature with SHA hash (224, > 256 and more bit) is possible in Mozilla products. In particuler if i > can realise a RSA 2048/SHA 256 digital signature with Thunderbird 2.x > or 3.x
The underlying NSS crypto libraries are certainly capable of it. If Thunderbird receives a signed email with such a signature, it will happily handle it. However, IIRC, Thunderbird will not generate such a signature at this time. The reasons for this are: 1) generating signatures that can be handled by all other S/MIME clients is still considered to be of paramount importance, and 2) there are still a HUGE number of systems out there that cannot handle SHA2, including all WinXP systems at SP2 and below, and 3) S/MIME has a way to negotiate encryption ciphers but no way to negotiate acceptable signature algorithms, so there's no way for Thunderbird to know which of your correspondents can handle such signatures and which cannot. > It is possible to have the same response for ECDSA digital signature. IIRC, at present, Thunderbird does not handle ECDSA signatures. > Thanks Regards, /Nelson Bolyard -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto