All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
To: ext Herbert Xu <herbert@gondor.hengli.com.au>
Cc: "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: RSA signature verification
Date: Tue, 22 Mar 2011 09:26:16 +0200	[thread overview]
Message-ID: <4D884F18.8020301@nokia.com> (raw)
In-Reply-To: <4D8848EC.6070306@nokia.com>

To elaborate a bit.

Signing of some has is usually done instead of signing some input data
directly.
For that reason signature verification is basically a combination of
hash calculation with signature verification...
The issue here is that different padding schemes can be applied to the
has before it is signed.
So after RSA decryption, de-padding has to be done, before comparing
result to the calculated hash.

- Dmitry



On 22/03/11 08:59, Dmitry Kasatkin wrote:
> Hi,
>
> As I have said in my email that it will be used by IMA/EVM subsystem.
> See security/integrity subdirectory in Linux kernel...
>
> Indeed, use of HW accelerator is also on of the targets...
>
> - Dmitry
>
>
>
> On 21/03/11 16:06, ext Herbert Xu wrote:
>> On Mon, Mar 21, 2011 at 04:04:41PM +0200, Dmitry Kasatkin wrote:
>>> Do you think it make sense to have it as a crypto "algo"
>>> What kind of API you would have in mind?
>> So the obvious question is who will use this functionality in
>> the kernel? If the only use is going to be in user-space, then
>> the next question is are you doing this for hardware enablement.
>>
>> Cheers,

  reply	other threads:[~2011-03-22  7:25 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-03-21 14:04 RSA signature verification Dmitry Kasatkin
2011-03-21 14:06 ` Herbert Xu
2011-03-22  6:59   ` Dmitry Kasatkin
2011-03-22  7:26     ` Dmitry Kasatkin [this message]
2011-03-22  7:34     ` Herbert Xu
2011-03-22  8:57       ` Dmitry Kasatkin
2011-03-22  8:58         ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D884F18.8020301@nokia.com \
    --to=dmitry.kasatkin@nokia.com \
    --cc=herbert@gondor.hengli.com.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.