Re: RSA signature interoperability

Wed, 24 Sep 2003 05:33:46 -0700 

Andreas,

Regarding Java S/MIME, check out http://www.bouncycastle.org/, which claims, 
"Generators for S/MIME and CMS (PKCS7)."

I have used Bouncy Castle's crypto APIs, but not their S/MIME APIs, so I am not sure 
about the details of their S/MIME APIs and whether they will satisfy your needs.

Frank



                                                                                       
                                                   
                      Andreas Feldner                                                  
                                                   
                      <[EMAIL PROTECTED]>          To:       [EMAIL PROTECTED]         
                                            
                      Sent by:                    cc:                                  
                                                   
                      owner-openssl-users@        Subject:  RSA signature 
interoperability                                                
                      openssl.org                                                      
                                                   
                                                                                       
                                                   
                                                                                       
                                                   
                      09/24/2003 06:00 AM                                              
                                                   
                      Please respond to                                                
                                                   
                      openssl-users                                                    
                                                   
                                                                                       
                                                   
                                                                                       
                                                   




Hi,

for a multiplatform project, I'm trying to find a method to create and verify
RSA signatures between the following 'worlds' of cryptography:

- MS CryptoAPI (unluckily brought in a certain crypto smart card)
- OpenSSL
- Java Cryptography (currently using the bouncy castle provider)

Whereas 'naked' RSA signatures verify OK between OpenSSL and JCE, MS generated
signatures (CryptSignHash) won't verify anywhere apart from the MS world,
though the hashes do match. I understood from my research in different
mailing lists, that this is a known problem that arises from different (and
apparently unknown) padding algorithm used by MS CryptAPI.

A proposed way to get interoperability between OpenSSL and CryptoAPI was to
use PKCS#7 signature standard (S/MIME detached signatures). Surprisingly,
this seems to kick Java out of the boat, as I couldn't find an implementation
of S/MIME algorithms for Java (!?).

So, perhaps I'm missing something obvious? Any hints are much appreciated!

Cheers,
Andreas.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]





--

This e-mail may contain confidential and/or privileged information. If you are not the 
intended recipient (or have received this e-mail in error) please notify the sender 
immediately and destroy this e-mail. Any unauthorized copying, disclosure or 
distribution of the material in this e-mail is strictly forbidden.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to