To elaborate a bit.

Signing of some has is usually done instead of signing some input data
directly.
For that reason signature verification is basically a combination of
hash calculation with signature verification...
The issue here is that different padding schemes can be applied to the
has before it is signed.
So after RSA decryption, de-padding has to be done, before comparing
result to the calculated hash.

- Dmitry



On 22/03/11 08:59, Dmitry Kasatkin wrote:
> Hi,
>
> As I have said in my email that it will be used by IMA/EVM subsystem.
> See security/integrity subdirectory in Linux kernel...
>
> Indeed, use of HW accelerator is also on of the targets...
>
> - Dmitry
>
>
>
> On 21/03/11 16:06, ext Herbert Xu wrote:
>> On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote:
>>> Do you think it make sense to have it as a crypto "algo"
>>> What kind of API you would have in mind?
>> So the obvious question is who will use this functionality in
>> the kernel? If the only use is going to be in user-space, then
>> the next question is are you doing this for hardware enablement.
>>
>> Cheers,
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to