"Oliver Floericke" <[EMAIL PROTECTED]> writes:
> I'm not quite sure if this is a little bit off topic but maybe someone can
> answer it anyway:
> 
> In the protocol of SSL there is this certificate_verify_message which is
> sent right after the client has sent its certificate. The message is
> composed of a combination of the recently exchanged messages, the master
> secret and some padding bytes. This data is somehow scrambled by MD5 and
> SHA. Ok.
And all this crap is signed by the client's private key.

The output of the digest operations is two digests, an MD5 digest
and a SHA-1 digest. When you're using RSA, you concatenate them
into one 36-byte string and RSA sign the entire thing. When you're
using DSA, you sign the SHA-1 digest only.

-Ekr
-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
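
The digest step discussed in this thread, as an added example that is not part of the original messages: it computes the two SSL 3.0 CertificateVerify digests and returns the bytes handed to the signature operation for RSA (MD5 || SHA-1, 36 bytes) and for DSA (SHA-1 only, 20 bytes). The pad values and lengths follow the SSL 3.0 specification (RFC 6101); the function names and sample inputs are constructed for illustration, and the private-key operation itself is left out.

```python
import hashlib

# pad_1 / pad_2 as defined for SSL 3.0 (RFC 6101): the byte 0x36 / 0x5c
# repeated 48 times for MD5 and 40 times for SHA-1.
PAD1, PAD2 = b"\x36", b"\x5c"
PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_cert_verify_digest(alg, handshake_messages, master_secret):
    """hash(master_secret + pad_2 + hash(handshake_messages + master_secret + pad_1))"""
    n = PAD_LEN[alg]
    inner = hashlib.new(alg, handshake_messages + master_secret + PAD1 * n).digest()
    return hashlib.new(alg, master_secret + PAD2 * n + inner).digest()


def to_be_signed(key_type, handshake_messages, master_secret):
    """Return the bytes the client signs with its private key."""
    md5 = ssl3_cert_verify_digest("md5", handshake_messages, master_secret)
    sha = ssl3_cert_verify_digest("sha1", handshake_messages, master_secret)
    if key_type == "rsa":
        return md5 + sha  # 16 + 20 = 36 bytes, signed as one string
    if key_type == "dsa":
        return sha        # DSA signs the 20-byte SHA-1 digest only
    raise ValueError("unsupported key type: %r" % key_type)


# Constructed sample inputs (not a real handshake transcript or secret).
SAMPLE_HANDSHAKE = b"constructed handshake messages up to CertificateVerify"
SAMPLE_MASTER_SECRET = bytes(range(48))  # SSL 3.0 master secrets are 48 bytes

if __name__ == "__main__":
    for kt in ("rsa", "dsa"):
        data = to_be_signed(kt, SAMPLE_HANDSHAKE, SAMPLE_MASTER_SECRET)
        print(kt, len(data), data.hex())
```
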
