AI_PKCS_RSAPrivate

MultiPrime

RSA Digital Signatures

The section “Authentication and Digital Signatures” on page 57 discusses what a digital signature is. This section describes how to write Crypto-C code that computes or verifies digital signatures. For signing, Crypto-C offers B_SignInit, B_SignUpdate, and B_SignFinal, which will digest the data and encrypt the digest using RSA encryption with a private key. For verification, Crypto-C offers B_VerifyInit, B_VerifyUpdate, and B_VerifyFinal, which will digest the data again, decrypt the signature with the RSA public key, and compare the digest to the decrypted signature.

Note that you cannot use the Sign and Verify functions if you do not want to digest the data. Some applications may not call for a digest; they may demand that the signature be the actual data encrypted with a private key. This is the case with some forms of authentication, for instance. In other cases, the data passed to the application has already been digested. In such an application, encrypt using

or AI_RSAPrivate; do not follow the model outlined here.

A digital signature is actually not the private-key encrypted digest of the data, but the private-key encrypted BER-encoding of the digest. (Remember that when you “encrypt” using the private key, you are actually following the same steps you use for decryption, even though you apply them to a plaintext file.) When you are using SHA1, this means the input data will be 35 bytes, not 20. The “encryption” follows the PKCS standards, so the data must be at least 11 bytes shorter than the modulus. Hence, the modulus must be at least 46 bytes (368 bits) for computing digital signatures using SHA1 as the digesting algorithm.

The example in this section corresponds to the file rsasign.c.

Computing a Digital Signature

Remember that with Crypto-C, you have the choice of doing your private-key operations normally or of using the blinding technique (see “Timing Attacks and Blinding” on page 95). You make this choice in the algorithm chooser. For normal signature operations, use AM_RSA_CRT_ENCRYPT. To use blinding, use AM_RSA_CRT_ENCRYPT_BLIND.

Step 1: Creating An Algorithm Object

Declare a variable to be B_ALGORITHM_OBJ. As defined in the function prototype in Chapter 4 of the Reference Manual, its address is the argument for

C h a p t e r 7 P u b l i c - K e y O p e r a t i o n s

2 3 3

Page 255
Image 255
RSA Security 5.2.2 manual RSA Digital Signatures, Computing a Digital Signature