On 5/11/21 6:31 PM, Dimitry Sibiryakov wrote:
11.05.2021 17:26, Alex Peshkoff via Firebird-devel wrote:
To be precise - signature is a decrypted hash of a message, verify
means encrypt it bak - and get same hash.
To be more precise verify is comparison of a hash of the message with
decrypted hash from signature. That's why it is vulnerable to the
attack when a garbage block is put into the middle of the message
without changing its hash.
With asymmetric crypto algorithms processing data with private key is
traditionally called "encryption" , and processing with public key -
"decryption". In this terms signature is decrypted value of hash, i.e.
when signing a message RSA using private key provides a sequence of bits
that when encrypted will produce a hash. And yes - after encryption (or
as sometimes said - decryption with public key) it can be compared with
messages hash and should match. Certainly with mentioned vulnerability
of a garnage block in a message.
I.e. we say same things, but use different naming schemas.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
