In http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html, it says:

"This is the signature, using the private part of the key pubB, of the 32-byte MB (which does not need to be hashed again to produce the signature)."

In http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, section 4.6:

"z = the leftmost min(N, outlen) bits of Hash(M)"

where outlen is the output length of the hash function (256 here) and N is the bit length of q (160 for OTR).

libgcrypt doesn't do this and, therefore, neither does the OTR protocol. I think it's worth making a note of that - it screwed me up for a while :)

Cheers

AGL

--
Adam Langley [email protected] http://www.imperialviolet.org

_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
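Added example illustrating the mismatch described in the mail; it is my own code, not OTR's or libgcrypt's. A toy DSA with a 160-bit q signs a 32-byte value standing in for MB, once feeding the whole 256-bit integer into the signing arithmetic as OTR/libgcrypt do, and a FIPS 186-3 style verifier that truncates to the leftmost min(N, outlen) = 160 bits then rejects that signature. The group, keys and MB input are constructed on the fly; keeping p at 512 bits is an assumption made for speed, not OTR's 1024-bit parameter.

```python
import hashlib, secrets

def is_probable_prime(n, rounds=32):  # Miller-Rabin; adequate for a constructed demo group
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_params(qbits=160, pbits=512):  # toy DSA group: N = 160 as in OTR, p small for speed
    q = p = g = 1
    while not is_probable_prime(q):
        q = secrets.randbits(qbits) | 1 << (qbits - 1) | 1
    while not is_probable_prime(p):  # p = 2kq + 1 so that q divides p - 1
        p = 2 * (secrets.randbits(pbits - qbits - 1) | 1 << (pbits - qbits - 2)) * q + 1
    while g == 1:  # generator of the order-q subgroup
        g = pow(secrets.randbelow(p - 2) + 2, (p - 1) // q, p)
    return p, q, g
def hash_to_int(mb, q, fips_truncate):  # z from the 32-byte MB
    # FIPS 186-3 4.6: leftmost N = bitlen(q) bits; OTR/libgcrypt: all 256 bits
    return int.from_bytes(mb[: (q.bit_length() + 7) // 8] if fips_truncate else mb, "big")
def sign(p, q, g, x, mb, fips_truncate):
    z, r, s = hash_to_int(mb, q, fips_truncate), 0, 0
    while not (r and s):  # retry on the negligible r == 0 or s == 0 case
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
    return r, s
def verify(p, q, g, y, mb, sig, fips_truncate):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    z, w = hash_to_int(mb, q, fips_truncate), pow(s, -1, q)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r

def demo():  # sign MB the OTR/libgcrypt way; a FIPS-style verifier then rejects it
    p, q, g = gen_params()
    x = secrets.randbelow(q - 1) + 1  # private key
    y = pow(g, x, p)  # public key
    mb = hashlib.sha256(b"constructed stand-in for OTR's MB").digest()  # 32 bytes
    sig = sign(p, q, g, x, mb, fips_truncate=False)
    return verify(p, q, g, y, mb, sig, False), verify(p, q, g, y, mb, sig, True)
```

Both sides must agree on how z is derived from MB; the same signature is valid under one convention and invalid under the other.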
