Signing algorithm!
Suasana 2006-01-21, 7:57 am
Hi,
My program needs to sign and verify a message. The message is very small
like 64 bytes only. Do I still need to create a message digest (Hash)
for this? Or hashing is just needed to reduce data size?
In other words, if I encrypt my message with private key to create
signature. And send it over to decrypt it with public key to verify by
comparing original message and decrypted. Will there be any threat to my
private key? Can someone know my private key provided plain message and
its signature info?
Remember, the formula is,
s = m ^ d MOD N
and in this case s, m and N are known.
Please inform, thanks.
susan
Mike Amling 2006-01-23, 7:06 pm
Suasana wrote:
> Hi,
> My program needs to sign and verify a message. The message is very small
> like 64 bytes only. Do I still need to create a message digest (Hash)
> for this? Or hashing is just needed to reduce data size?
>
> In other words, if I encrypt my message with private key to create
> signature. And send it over to decrypt it with public key to verify by
> comparing original message and decrypted. Will there be any threat to my
> private key? Can someone know my private key provided plain message and
> its signature info?
>
> Remember, the formula is,
> s = m ^ d MOD N
> and in this case s, m and N are known.
This is a naive signature. If you use proper padding, such as PSS,
you can securely sign either a hash or a (short) message.
--Mike Amling