-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
akv_rsa_priv_enc function should be for signing #13
Comments
this engine only performs private key operations. |
Ok, but the padding in the function akv_rsa_priv_enc still seems wrong. It should be RS256 or PS256 (for SHA256, other padding for corresponding to hash function) rather than RSA1_5 or RSA_OAEP. |
I think you mix up things for encrypt/decrypt and sign. Those are basics. But for your knowledge, please refer to the doc |
I assume that the akv_rsa_priv_enc function is the key vault version of the rsa_ossl_private_encrypt (https://github.com/openssl/openssl/blob/master/crypto/rsa/rsa_ossl.c) function which is for signing. Otherwise, I'm not sure what it means to encrypt with a private key (encryption should be done with the public key). |
Your assumption is wrong. please read the code and try the examples. |
Hi,
I think the akv_rsa_priv_enc function should be for signing and not for encryption to be consistent with the rsa_ossl_private_encrypt function in openssl. More specifically the result of akv_rsa_priv_enc should be the message padded with the signature padding (eg. EMSA-PKCS1-V1_5-ENCODE) raised to the private exponent.
The current akv_rsa_priv_enc function seems like it should be named akv_rsa_pub_enc instead.
Thanks,
Alex
The text was updated successfully, but these errors were encountered: