Questions tagged [pkcs1]
PKCS#1 is the first of the Public-Key Cryptography Standards published by RSA Security, the company set up by the inventors of RSA, Rivest, Shamir and Adleman. It specifies RSA key formats, the encryption schemes RSAES-PKCS1-v1_5 and RSAES-OAEP, and the signature schemes RSASSA-PKCS1-v1_5 and RSASSA-PSS, i.e. how the raw RSA problem is turned into secure encryption and signature generation.
52 questions
1 vote, 2 answers, 210 views
What are the implications of insufficient entropy when signing a payload using a SHA-RSA256 private key?
I have an embedded environment without access to entropy, trying to sign a message using RSA-SHA256 (JWT).
Would it be insecure to ignore the entropy requirements forcefully, and sign without any &...
3 votes, 1 answer, 611 views
Implications of switching RSA padding schemes
In my company we want to switch from PKCSv1.5 to PSS for RSA signing. This is because of the marvin attack vector.
My question is, if an adversary can see many similar messages that were signed with ...
4 votes, 1 answer, 201 views
Is Bypassing Padding Verification in RSA-PSS Dangerous?
I am currently working on a project involving RSA-PSS (Probabilistic Signature Scheme) for digital signatures. While researching potential vulnerabilities, I came across the well-known Bleichenbacher ...
1 vote, 1 answer, 1k views
Differences between two RSA signatures using OpenSSL
I want to sign a file called data.txt and store its signature in data.txt.sig. To create the signature, I want to use an ...
0 votes, 0 answers, 232 views
How to get dp and dq of CRT-RSA?
I am learning to utilize flush+reload method to get private key of CRT-RSA.
CRT-RSA calculates two parts separately: mp = c^dp mod p and ...
0 votes, 2 answers, 2k views
PKCS#7 SignedData - how is the "encryptedDigest" constructed for RSAES‐PKCS‐v1_5?
I need to use Azure Key Vault HSM to sign arbitrary data in a PKCS#7 CMS. There are plenty of libraries and packages that can do this if you supply them with the private key, but obviously I don't ...
3 votes, 1 answer, 371 views
Bleichenbacher '06 signature forgery against modified PKCS1 v1.5 format
Bleichenbacher’s ’06 RSA signature forgery targets incorrect PKCS1 v1.5 implementations where padding checks are omitted and RSA keys with e = 3 are used.
As per ...
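The forgery this question refers to, as an added example that is not part of the question or any answer: a lenient verifier that parses 00 01 FF.. 00 DigestInfo and ignores whatever follows, beside a strict verifier that compares the whole encoded block. The key is a constructed, seeded RSA-2048 key with e = 3 (assumption: any key of that size and exponent behaves the same); the attacker derives the forged signature from the public key alone, using only an integer cube root.

```python
"""Bleichenbacher '06 low-exponent forgery against a lenient PKCS#1 v1.5 verifier.

Added example; the key is constructed (seeded Miller-Rabin search) and e = 3.
"""
import hashlib
import random

E = 3
# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; adequate for a constructed example key."""
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_key(bits=2048, seed=2024):
    """Constructed RSA key with e = 3, seeded so the example is repeatable."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        cand = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if cand % 3 != 1 and is_probable_prime(cand, rng):  # keeps gcd(3, p-1) = 1
            primes.append(cand)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def emsa_pkcs1_v15(msg, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo(SHA-256(msg)), k octets."""
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, k), "big"), d, n)


def verify_strict(msg, sig, n, e):
    """Correct check: re-encode and compare the entire block."""
    k = (n.bit_length() + 7) // 8
    return pow(sig, e, n).to_bytes(k, "big") == emsa_pkcs1_v15(msg, k)


def verify_lenient(msg, sig, n, e):
    """The bug: walk 00 01 FF.. 00, compare the DigestInfo, ignore trailing bytes."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i >= k or em[i] != 0x00:
        return False
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t  # em[i + 1 + len(t):] is never looked at


def icbrt_ceil(x):
    """Smallest s with s**3 >= x (binary search on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg, n):
    """Public key only: put a short valid-looking prefix at the top of the block,
    leave the low bytes as garbage, and take the cube root. For a 2048-bit n the
    rounding error 3*s^2 (< 2^1358) is far below the 1552 garbage bits, so s^3
    still begins with the prefix and, being < n, is never reduced mod n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    target = int.from_bytes(prefix + b"\x00" * (k - len(prefix)), "big")
    return icbrt_ceil(target)
```

The minimal FF run in the prefix is what makes room for the garbage; with a 1024-bit key and a SHA-256 DigestInfo the 3·s² error no longer fits below the prefix, which is why the original attack was demonstrated on 3072-bit keys and short digests.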
0 votes, 0 answers, 197 views
Encrypt user AES keys with AWS KMS RSA key
I am developing a web application in which each user has some part of his data that is stored encrypted. We are hosted on AWS and I want to use KMS as part of the solution. To not make the solution ...
1 vote, 1 answer, 218 views
conflicting definitions for dP / dQ and exponent1 / exponent2 in PKCS 1?
In Section 2 dP and dQ are defined thusly:
...
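An added example serving both the CRT-RSA question above ("How to get dp and dq of CRT-RSA?") and this one; it is not code from either question or their answers. It derives dP, dQ and qInv as RFC 8017 section 3.2 defines them, checks that the two phrasings (dP = d mod (p-1) versus e·dP ≡ 1 mod (p-1)) name the same value, runs the CRT decryption of RSADP step 2.b against the plain one, and shows why a leaked dP (for example via a cache side channel) is fatal: it factors n. The key is constructed from two Mersenne primes and is an assumption, far too small for real use.

```python
"""CRT-RSA parameters per PKCS#1 (RFC 8017 section 3.2) and Garner recombination.

Added example. Toy key from the Mersenne primes 2^127-1 and 2^89-1 (assumption).
"""
import math

P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def crt_params(p, q, d):
    """dP = d mod (p-1), dQ = d mod (q-1), qInv = q^-1 mod p."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)


def crt_params_consistent(p, q, e, dP, dQ, qInv):
    """The definition by reduction and the definition by the congruence
    e*dP = 1 (mod p-1) pick out the same dP (and dQ); qInv must invert q mod p."""
    return (e * dP % (p - 1) == 1 and e * dQ % (q - 1) == 1
            and q * qInv % p == 1 and 0 < dP < p - 1 and 0 < dQ < q - 1)


def rsadp_plain(c, n, d):
    """RSADP with the full private exponent."""
    return pow(c, d, n)


def rsadp_crt(c, p, q, dP, dQ, qInv):
    """RSADP step 2.b: two half-size exponentiations, then Garner recombination."""
    m1 = pow(c, dP, p)  # the c^dP mod p half the CRT question refers to
    m2 = pow(c, dQ, q)
    h = (m1 - m2) * qInv % p
    return m2 + q * h


def factor_from_dp(n, e, dP):
    """Why leaking dP alone is enough: e*dP = 1 + k(p-1), so for any a coprime
    to p, a^(e*dP) = a (mod p) and gcd(a^(e*dP) - a, n) is p (or q, or both)."""
    for a in range(2, 50):
        g = math.gcd(pow(a, e * dP, n) - a, n)
        if 1 < g < n:
            return g
    return None
```

Once p is known, q = n / p, d follows from e, and the attacker holds the whole key; this is the reason side-channel work such as the Flush+Reload attack in the CRT question aims at the dP exponentiation rather than at d itself.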
1 vote, 0 answers, 913 views
PKCS#7 digest encryption algorithm - difference between rsaEncryption and sha256WithRsaEncryption
As part of our linux secure boot implementation using dm-verity and root hash signature checking, I need to sign a file with the following openssl command (example):
...
1 vote, 1 answer, 117 views
What are the security implications of RSA decryption of ciphertext >= modulus?
While reading through the sections about decryption in PKCS#1 v2.2, I noticed that the decryption algorithms are required to output the failure symbol: ...
3 votes, 2 answers, 969 views
How are the instantiations of RSAES-OAEP and SHA*WithRSAEncryption different in practice?
For the spare-time project I had been working on, I'm evaluating the PKCS#1 padded RSA schemes for implementation.
For PKCS#1 v1.5, encryption doesn't seem to require a hash function, and the ...
1 vote, 0 answers, 44 views
Does EESS#1 NTRUEncrypt use the PKCS#1 MGF (mask generation function)?
I downloaded the 1st-round NTRUEncrypt submission from NIST website, the spec mentions the mask generation function MGF1 in ASN.1 definition but not in algorithm description.
Does the EESS#1 ...
1 vote, 0 answers, 57 views
Interval for PKCS#1 v1.5 compliant plaintext
In Bleichenbacher's paper (http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf, section 3.1) he concludes that if m*s is PKCS#1 v1.5 compliant we get the following interval:
$2B \...
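An added example serving this question and the earlier one on decrypting a ciphertext ≥ n; it is not code from either question or their answers. It builds the weak padding oracle of Bleichenbacher's paper (the decryptor reveals only whether the block starts with 00 02) on a constructed toy key, shows that this byte check is exactly the arithmetic condition 2B ≤ x < 3B with B = 2^(8(k−2)), runs step 2a (the first s with c·s^e conforming) and step 3 (the interval narrowing that follows from 2B ≤ m·s − r·n < 3B), and has the decryption primitive reject representatives outside [0, n−1] as RFC 8017 requires. The key from two Mersenne primes is an assumption, chosen small only so the oracle loop finishes quickly.

```python
"""Bleichenbacher '98: from "m*s is PKCS#1 v1.5 conforming" to 2B <= m*s mod n < 3B.

Added example. Constructed toy key from the Mersenne primes 2^89-1 and 2^61-1.
"""
import random

P = (1 << 89) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # octet length of n
B = 1 << (8 * (K - 2))         # x in [2B, 3B) <=> leading octets are 00 02


def rsadp(c):
    """RSA decryption primitive (RFC 8017 section 5.1.2): a representative
    outside [0, n-1] is an error, never a silent reduction mod n."""
    if not 0 <= c < N:
        raise ValueError("ciphertext representative out of range")
    return pow(c, D, N)


def pad_pkcs1_v15(msg, seed=7):
    """EME-PKCS1-v1_5: 00 02 || nonzero PS (>= 8 octets) || 00 || M (seeded PS)."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    rng = random.Random(seed)
    ps = bytes(rng.randrange(1, 256) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def oracle(c):
    """The weak oracle: True iff the decrypted block begins with 00 02."""
    try:
        em = rsadp(c).to_bytes(K, "big")
    except ValueError:
        return False
    return em[:2] == b"\x00\x02"


def in_interval(x):
    """Arithmetic form of the same check."""
    return 2 * B <= x < 3 * B


def ceildiv(a, b):
    return -(-a // b)


def step2a(c):
    """Smallest s >= n/(3B) such that c * s^e mod n is conforming."""
    s = ceildiv(N, 3 * B)
    while not oracle(c * pow(s, E, N) % N):
        s += 1
    return s


def step3(intervals, s):
    """2B <= m*s - r*n <= 3B-1 for some r, so each [a, b] shrinks to the union of
    [ceil((2B + r*n)/s), floor((3B - 1 + r*n)/s)] over the r that are feasible."""
    out = []
    for a, b in intervals:
        for r in range(ceildiv(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
            lo = max(a, ceildiv(2 * B + r * N, s))
            hi = min(b, (3 * B - 1 + r * N) // s)
            if lo <= hi:
                out.append((lo, hi))
    return out


def demo(msg=b"dawn"):
    """One round of the attack from the attacker's side, plus the secret m so a
    caller can confirm the narrowed interval really contains it."""
    m = int.from_bytes(pad_pkcs1_v15(msg), "big")
    c = pow(m, E, N)
    s = step2a(c)
    ms_mod_n = m * s % N                        # unknown to the attacker ...
    intervals = step3([(2 * B, 3 * B - 1)], s)  # ... this is what the oracle yields
    return m, s, in_interval(ms_mod_n), intervals
```

Each further round (steps 2b/2c in the paper) repeats the same narrowing with a new s until a single value remains; the oracle never sees the out-of-range case because the attacker only ever submits c·s^e mod n, but a decryptor that reduced c ≥ n instead of failing would hand back a representative the sender never chose.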
5 votes, 1 answer, 904 views
Security of RSA-3072 with public exponent $2^{16}+1$
NSA recommendation for the pre-quantum period allows the use of RSA-3072 (https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm), nevertheless, is it safe enough to do it with the ...