rsa implementation question

Bryan Olson bryanjugglercryptographer at yahoo.com
Thu Aug 12 03:49:45 CEST 2004


Ajay wrote:
> could you elaborate on that? i thought signing by decrypting is
> the way to do it.

That is how Rivest, Shamir and Adleman originally presented it,
and they did win the ACM's Turing Award for the work, but the 
use of 'raw' RSA is full of subtle problems.  To understand the 
basics, see chapter 11 of the book that Heiko Wundram cited: 
(available free on-line)

  http://www.cacr.math.uwaterloo.ca/hac/

In you really want to understand the math, I cited some of the 
major papers in my response to Wundram.  That's beyond the scope 
of this group.

If you're implementing, just use a current standard that 
cryptologists respect.  For basic RSA (en/de)crypt and 
sign/verify, PKCS#1 is a fine way to go.   As I write this the 
current version is 2.1, which is also published as RFC 3447.


-- 
--Bryan



More information about the Python-list mailing list