- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Thu, 30 May 2002 11:47:33 -0400
- To: Jiandong Guo <jguo@phaos.com>
- Cc: reagle@w3.org, merlin <merlin@baltimore.ie>, xml-encryption@w3.org
The reference for MGF1 is RFC 2437 section 10.2.1. The specification
is fixing it, over my previous objections, with the "Hash" option set to
SHA-1, which corresponds to the OID mgf1SHA1Identifier as specified in RFC
2437 section 11.2.1.
Tom Gindin
Jiandong Guo <jguo@phaos.com>@w3.org on 05/29/2002 02:59:29 PM
Sent by: xml-encryption-request@w3.org
To: reagle@w3.org
cc: merlin <merlin@baltimore.ie>, xml-encryption@w3.org
Subject: Re: rsa/oaep
Joseph Reagle wrote:
> I'm generally happy with [1] (includes some tweaks) but is there a
> reference for MGF1WithSHA!?
I remebered that it was used in the ASN1 syntax for RSA-OAEP. But I could
be
wrong.
It is probably safer to write it as "MGF1 with SHA1".
>
>
> [1] The RSAES-OAEP-ENCRYPT algorithm, as specified in RFC 2437 [PKCS1],
> takes three parameters. The two user specified parameters are a MANDATORY
> message digest function and an OPTIONAL encoding octet string OAEPparams.
> The message digest function is indicated by the Algorithm attribute of a
> child ds:DigestMethod element and the mask generation function, the third
> paramter, is always MGF1WithSHA1. Both the message digest and mask
> generation functions are used in the EME-OAEP-ENCODE operation as part of
> RSAES-OAEP-ENCRYPT. The encoding octet string is the base64 decoding of
the
> content of an optional OAEPparams child element . If no OAEPparams child
is
> provided, a null string is used.
This looks good to me.
Thanks.
Jiandong
Received on Thursday, 30 May 2002 11:50:35 UTC