[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    UNSUBSCRIBE ME !!!
From:       Florin Andone <Florin.Andone () INFOPULSE ! RO>
Date:       2000-05-29 5:33:09
[Download RAW message or body]


-----Original Message-----
From: Doug Barlow [mailto:dbarlow@EXCHANGE.MICROSOFT.COM]
Sent: Friday, May 26, 2000 6:32 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: RSA Signatures with no OID - Further Comment


Steve,

On NT4 SP6a, the CRYPT_OAEP flag is supported on the CryptImportKey and
CryptExportKey services only; hence your bad flags error code.

The CRYPT_NOHASHOID is supported on NT4 SP6 for the CryptSignHash and
CryptVerifySignature services.

Using the CryptEncrypt service with a public key will cause random
padding to be put on the value being encrypted, per PKCS-1, Type 2  (Not
to be confused with Version 2).  Hence the encrypted data will be
different each time.

Try seeing if the signed results can be validated with OpenSSL, rather
than just matching the output.  That may help in determining whether or
not it's simply a padding problem.

Doug Barlow
Microsoft Corporation

 -----Original Message-----
From:   Steve Wilkinson [mailto:steve.wilkinson@SOLUTIONFORGE.COM]
Sent:   Friday, May 26, 2000 2:39 AM
To:     CryptoAPI@DISCUSS.MICROSOFT.COM
Subject:             RSA Signatures with no OID - Further Comment

Further to my earlier posting, we've tried CryptSignHash with
CRYPT_NOHASHOID and it doesn't give the same answer as we're getting
with
OpenSSL.  Can anyone shed any light; is it likely to be something to do
with padding?  If so, how do we correct it?

Conversely, when we use CryptEncrypt and pass in the private key, we get
a
different (and not what we're expecting) result each time.  We have the
Final flag set to true - I believe this is correct.  We're trying to
sign a
20-byte SHA1 hash.  The doc suggests that we might want to use the
CRYPT_OAEP flag so we can get PKCS#1 v2 formatting (that I believe we
want), but the function simply returns NTE_BAD_FLAGS.  This is
unexpected
as we're definitely using the MS Enhanced Cryptographic Provider. [IE
5.01,
NT 4.0 SP6a].

Suggests gratefully received.

Many thanks again - Steve.

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]