English 中文(简体)
Sign with RSA-1024 an SHA-256 digest: what is the size?
原标题:

I was wondering: 1) if I compute the digest of some datas with SHA-512 => resulting in a hash of 64 bytes 2) and then I sign this hash with RSA-1024 => so a block of 128 bytes, which is bigger than the 64 bytes of the digest

=> does it mean in the end my signed hash will be exactly 128 bytes?

Thanks a lot for any info.

问题回答

With RSA, as specified by PKCS#1, the data to be signed is first hashed with a hash function, then the result is padded (a more or less complex operation which transforms the hash result into a modular integer), and then the mathematical operation of RSA is applied on that number. The result is a n-bit integer, where n is the length in bits of the "modulus", usually called "the RSA key size". Basically, for RSA-1024, n is 1024. A 1024-bit integer is encoded as 128 bytes, exactly, as per the encoding method described in PKCS#1 (PKCS#1 is very readable and not too long).

Whether a n-bit RSA key can be used to sign data with a hash function which produces outputs of length m depends on the details of the padding. As the name suggests, padding involves adding some extra data around the hash output, hence n must be greater than m, leaving some room for the extra data. A 1024-bit key can be used with SHA-512 (which produces 512-bit strings). You could not use a 640-bit key with SHA-512 (and you would not, anyway, since 640-bit RSA keys can be broken -- albeit not trivially).





相关问题
Extend Contacts application on Android to provide encryption

I want to encrypt individual contacts stored by the Contacts application on Android based on user s preference. So, I am thinking I ll have to hook/extend the Contacts application before the it stores ...

Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

How to Pack/Encrypt/Unpack/Decrypt a bunch of files in Java?

I m essentially trying to do the following on a Java/JSP-driven web site: User supplies a password Password is used to build a strongly-encrypted archive file (zip, or anything else) containing a ...

Thread & Queue vs Serial performance

I though it ll be interesting to look at threads and queues, so I ve written 2 scripts, one will break a file up and encrypt each chunk in a thread, the other will do it serially. I m still very new ...

Convert PHP encryption code to C#

I m trying to convert this piece of code from PHP to C#. It s part of a Captive Portal. Could somebody explain what it does? $hexchal = pack ("H32", $challenge); if ($uamsecret) { $newchal = ...

Encryption: how to have 1 iv despite multiple fields

I ve been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I m encrypting an address and I ...

热门标签