On 11-05-2021 16:38, Alex Peshkoff via Firebird-devel wrote:
> Depends upon implementation. In tomcrypt rsa_sign_hash() signs message
> digests (hashes). I.e. one can't pass something long as input. See:
> SQL> update test_rsa set encr = rsa_encrypt(K_PRV key k_pub );
> Statement failed, SQLSTATE = 22023
> TomCrypt library error: Invalid sized parameter.
> -Encrypting using cipher RSA
> where K_PRV is rather long varbinary. But:
> SQL> update test_rsa set encr = rsa_encrypt(crypt_hash(K_PRV using SHA1)
> key k_pub );
> runs fine.
But those are RSA_ENCRYPT, not RSA_SIGN, and I'm talking about RSA_SIGN.
And I repeat: given RSA_SIGN has a HASH parameter, and applies PSS, I
assume it hashes the message using the supplied (or default) hash
algorithm, and then signs the resulting hash. Having to hash this
yourself makes no sense to me.
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
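
The two API shapes discussed in this message, as an added example that is not code from Firebird, tomcrypt, or either poster: a digest-level PSS primitive that rejects anything that is not already a hash, and a message-level wrapper that hashes first and then signs. It assumes SHA-256 with a 32-byte salt; the key is a constructed toy key built from two Mersenne primes (publicly known factors, not secure), and all function names are hypothetical.

```python
import hashlib, os

# Constructed toy key: product of two Mersenne primes. Known factors, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # signature length in bytes
EM_BITS = N.bit_length() - 1
EM_LEN = (EM_BITS + 7) // 8
H = hashlib.sha256                       # assumption: SHA-256 for hash and MGF1
H_LEN = S_LEN = 32
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)

def mgf1(seed, length):
    out = b"".join(H(seed + i.to_bytes(4, "big")).digest()
                   for i in range((length + H_LEN - 1) // H_LEN))
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sign_digest(m_hash):
    """Digest-level primitive: the caller must pass an existing SHA-256 digest."""
    if len(m_hash) != H_LEN:
        raise ValueError("invalid sized parameter: expected a %d-byte digest" % H_LEN)
    salt = os.urandom(S_LEN)
    h = H(b"\0" * 8 + m_hash + salt).digest()
    db = b"\0" * (EM_LEN - S_LEN - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= TOP_MASK                # clear bits above EM_BITS
    em = bytes(masked) + h + b"\xbc"
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def sign_message(message):
    """Message-level API: hash the message of any length, then sign the digest."""
    return sign_digest(H(message).digest())

def verify_message(message, sig):
    em_int = pow(int.from_bytes(sig, "big"), E, N)
    if em_int.bit_length() > EM_BITS:
        return False
    em = em_int.to_bytes(EM_LEN, "big")
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= TOP_MASK
    pad = EM_LEN - S_LEN - H_LEN - 2
    if em[-1] != 0xBC or bytes(db[:pad + 1]) != b"\0" * pad + b"\x01":
        return False
    return H(b"\0" * 8 + H(message).digest() + bytes(db[pad + 1:])).digest() == h
```

A signature produced by `sign_digest()` over a precomputed hash verifies against the original message exactly like one from `sign_message()`, so the only difference between the two shapes is who performs the hashing.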