本文详细介绍了RSASSA-PSS和RSASSA-PKCS1-v1_5两种RSA签名方案,以及对应的EMSA-PSS编码方法。RSASSA-PSS适用于新的应用,利用EMSA-PSS进行编码,而RSASSA-PKCS1-v1_5则用于向后兼容。签名生成和验证过程涉及到消息的哈希、RSA加解密以及特定的编码规则,确保了数据的安全性。
文章目录
8. Signature Scheme with Appendix
简称RSASSA
Two signature schemes with appendix are specified in this document:
- RSASSA-PSS,适用于新应用,使用EMSA-PSS编码封装方案;
- RSASSA-PKCS1-v1_5,处理旧应用兼容性,使用EMSA-PKCS1-v1_5编码封装方案。
To verify a signature constructed with this type of scheme, it is necessary to have the message itself.
签名和验签,其实就是加密和解密,不同的是两种签名的封装方案(Section 9)。
8.1. RSASSA-PSS
8.1.1. Signature Generation
RSASSA-PSS-SIGN (K, M)
K signer’s RSA private key
M message to be signed, an octet string
Output:
S signature, an octet string of length k, where k is the length in octets of the RSA modulus n
一般明文M是一段hash。
Steps:
- EMSA-PSS encoding
EM = EMSA-PSS-ENCODE (M, modBits - 1);
# Note that the octet length of EM will be one less than k if modBits - 1 is divisible by 8 and equal to k otherwise.
- RSA signature:
m = OS2IP (EM);
s = RSASP1 (K, m);
S = I2OSP (s, k);
- Output the signature S
8.1.2. Signature Verification Operation
RSASSA-PSS-VERIFY ((n, e), M, S)
Input:
(n, e) signer’s RSA public key
M message whose signature is to be verified, an octet string
S signature to be verified, an octet string of length k, where k is the length in octets of the RSA modulus n
Output:
"valid signature" or "invalid signature"
Steps:
-
Length checking: S
-
RSA verification:
s = OS2IP (S);
m = RSAVP1 ((n, e), s);
EM = I2OSP (m, emLen);
- EMSA-PSS verification
Result = EMSA-PSS-VERIFY (M, EM, modBits - 1);
# Note that emLen will be one less than k if modBits - 1 is divisible
最低0.47元/天 解锁文章
扫一扫
1768
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
