Forging RSA-PSS signatures with mbedTLS https://research.kudelskisecurity.com/2017/02/03/forging-rsa-pss-signatures-with-mbedtls/
Replying to @veorq
I don't think there's a real issue here. You're supposed to pass in H(M) to that function. cf. v1.5 which does not do any hashing.
if you pass in a whole message or hash of incorrect length to sign, your signatures won't verify anywhere
Replying to @JethroGB
my understanding is that data passed will be hashed regardless of its length, unless you specify the hash type; is that incorrect?
Replying to @veorq
Yes, that's part of the EMSA-PSS encoding, see RFC 3447. If you use MD_NONE your signature will not be compatible
The documentation is confusing, at best: https://github.com/ARMmbed/mbedtls/blob/2adecba01f754bf317dc1a7c89782cfa85c98d64/include/mbedtls/rsa.h#L468-L469