- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Wed, 31 Oct 2001 08:10:48 +0100
- To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, XML Encryption WG <xml-encryption@w3.org>
Hi Blake,
> I have a question about the schema definition for <EncryptionMethod> in
> Section 5 from http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
>
> It looks like <ds:DigestMethod> is specified as a possible child element.
>
> Can someone explain how this works? Is this a carry-over from the previous
> proposal to provide some sort of ciphertext integrity? If not, what is the
> purpose of specifying a hash algorithm for the encryption method?
The DigestMethod is needed for the key transport mechanism in "5.4.2
RSA-OAEP":
"As described in the EME-OAEP-ENCODE function RFC 2437
[PKCS1, section 9.1.1.1], the value input to the key
transport function is calculated use the message digest
function and string specified in the DigestMethod and
OAEPparams elements and using the mask generator
function MGF1 specified in RFC 2437."
It is not used if you encrypt using AES block cipher or make DH key
agreement; it's only for RSA-OAEP.
Best regards,
Christian
Received on Wednesday, 31 October 2001 02:08:19 UTC