Algorithms

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Algorithms

Steffen Heil (Mailinglisten)
Hi

I have two questions about bouncycastle that I could not answer looking at
the website.

1. Which signature scheme is bouncycastle using for RSA signatures in
certificates if just "SHA1WithRSAEncryption" was specified?
   RSASSA-PSS or RSASSA-PKCS1-v1_5

2. Can this be configured?

Cheers,
  Steffen

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Algorithms

David Hook

BC uses the standard names given in the JCE/JCA documentation, so
SHA1WithRSAEncryption is the original PKCS 1 format. RSASSA-PSS
signatures include the masking algorithm used in the name - in this case
SHA1withRSAandMGF1.

You can't really configure this in BC, if you really have to move away
from the standard naming conventions the best bet would be to create
your own provider. If you are just signing and not encrypting you can
get by without needing a signing certificate.

Regards,

David

On 06/12/12 02:16, Steffen Heil (Mailinglisten) wrote:

> Hi
>
> I have two questions about bouncycastle that I could not answer looking at
> the website.
>
> 1. Which signature scheme is bouncycastle using for RSA signatures in
> certificates if just "SHA1WithRSAEncryption" was specified?
>     RSASSA-PSS or RSASSA-PKCS1-v1_5
>
> 2. Can this be configured?
>
> Cheers,
>    Steffen


Reply | Threaded
Open this post in threaded view
|

AW: [dev-crypto] Algorithms

Steffen Heil (Mailinglisten)
Hi

> BC uses the standard names given in the JCE/JCA documentation, so
SHA1WithRSAEncryption is the original PKCS 1 format. RSASSA-PSS signatures
include the masking algorithm used in the name - in this case
SHA1withRSAandMGF1.
> You can't really configure this in BC, if you really have to move away
from the standard naming conventions the best bet would be to create your
own provider. If you are just signing and not encrypting you can get by
without needing a signing certificate.

Ok, there seems to be a misunderstanding, since I surely don't want to move
away from standard naming conventions.
So let me rephrase my second question:

What would I have to pass instead of "SHA1WithRSAEncryption" to get
"RSASSA-PKCS1-v1_5"?
If I would then switch, were I to expect incompatibilities with common
software (especially openssl)?

(Is there any website, that *really explains* these naming conventions "for
dummys"? I am fairly new to those and while I roughly understood what each
name I saw meant, I did not find a page that explained it or helped me put
names together.)

Regards,
   Steffen


smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: AW: [dev-crypto] Algorithms

Arshad Noor

http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html


On Dec 6, 2012, at 3:24 AM, "Steffen Heil (Mailinglisten)" <[hidden email]> wrote:
>
> (Is there any website, that *really explains* these naming conventions "for
> dummys"? I am fairly new to those and while I roughly understood what each
> name I saw meant, I did not find a page that explained it or helped me put
> names together.)
>
> Regards,
>   Steffen
>

Reply | Threaded
Open this post in threaded view
|

Public key details - stuck on getting Symmetric Cipher used (AES-256)

Vasireddy, Venugopal
In reply to this post by David Hook

 

Hi David,

 

I struggled a bit but still I am unable to figure out the location/object for the following details in pgp public key object tree, When I loaded same pub key in pgp desktop it is showing these information; so they must be available some where.

 

1) Symmetric Cipher used (AES-256) - I got preferred cipher list in signature but not Symmetric cipher used in creating key pair.

 

2) Compression (ZIP) - I got Preferred Compression list from signature object; I don't know where pgp desktop is getting this info; it is putting check mark for "zip" though while creation I passed zip/zlib for " PGPSignatureSubpacketGenerator" as preferred compression algos.

 

 

 

 

Thanks and Regards

Venu

620  W. Covina Blvd

San Dimas, CA  91773

909-592-6411 Ext 2180

909-772-4045 (Cell)

11560 (Direct Connect)


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.
Reply | Threaded
Open this post in threaded view
|

Re: Public key details - stuck on getting Symmetric Cipher used (AES-256)

David Hook

If they're not in the preferences attached to the signature they would have to be defaults assumed by the application.

You can work out the symmetric cipher used to create the secret key from the secret key packet itself. Use getKeyEncryptionAlgorithm() on PGPSecretKey.

Regards,

David

On 07/12/12 10:01, Vasireddy, Venugopal wrote:

 

Hi David,

 

I struggled a bit but still I am unable to figure out the location/object for the following details in pgp public key object tree, When I loaded same pub key in pgp desktop it is showing these information; so they must be available some where.

 

1) Symmetric Cipher used (AES-256) - I got preferred cipher list in signature but not Symmetric cipher used in creating key pair.

 

2) Compression (ZIP) - I got Preferred Compression list from signature object; I don't know where pgp desktop is getting this info; it is putting check mark for "zip" though while creation I passed zip/zlib for " PGPSignatureSubpacketGenerator" as preferred compression algos.

 

 

 

 

Thanks and Regards

Venu

620  W. Covina Blvd

San Dimas, CA  91773

909-592-6411 Ext 2180

909-772-4045 (Cell)

11560 (Direct Connect)


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

Reply | Threaded
Open this post in threaded view
|

RE: Public key details - stuck on getting Symmetric Cipher used (AES-256)

Vasireddy, Venugopal

Thanks so much David.

 

=> If they're not in the preferences attached to the signature they would have to be defaults assumed by the application.

 

    Yep. It is.

                      

 

      PGPKeyRingGenerator keyRingGen = new PGPKeyRingGenerator(

                              PGPSignature.POSITIVE_CERTIFICATION, secretKey, email,

                              sha1Calc, hashedGen.generate(), null, new JcaPGPContentSignerBuilder(secretKey

                                          .getPublicKey().getAlgorithm(),

                                          HashAlgorithmTags.SHA512),

                              new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.TWOFISH,

                                          sha1Calc).setProvider("BC").build(password));

 

hashedGen.setPreferredSymmetricAlgorithms(false,

                              new int[] { SymmetricKeyAlgorithmTags.AES_192 ,

                              SymmetricKeyAlgorithmTags.AES_128, SymmetricKeyAlgorithmTags.TWOFISH, SymmetricKeyAlgorithmTags.CAST5});

 

 

 PGP Desktop is showing “AES-192” AS THE default cipher – picked from preferences (strongest), though I created Secret key with “TWOFISH” – which is

 In line with pgppublick key object structure.

 

 

 

 

                 

Thanks and Regards

Venu

620  W. Covina Blvd

San Dimas, CA  91773

909-592-6411 Ext 2180

909-772-4045 (Cell)

11560 (Direct Connect)


From: David Hook [mailto:[hidden email]]
Sent: Sunday, December 09, 2012 2:38 PM
To: [hidden email]
Subject: Re: [dev-crypto] Public key details - stuck on getting Symmetric Cipher used (AES-256)

 


If they're not in the preferences attached to the signature they would have to be defaults assumed by the application.

You can work out the symmetric cipher used to create the secret key from the secret key packet itself. Use getKeyEncryptionAlgorithm() on PGPSecretKey.

Regards,

David

On 07/12/12 10:01, Vasireddy, Venugopal wrote:

 

Hi David,

 

I struggled a bit but still I am unable to figure out the location/object for the following details in pgp public key object tree, When I loaded same pub key in pgp desktop it is showing these information; so they must be available some where.

 

1) Symmetric Cipher used (AES-256) - I got preferred cipher list in signature but not Symmetric cipher used in creating key pair.

 

2) Compression (ZIP) - I got Preferred Compression list from signature object; I don't know where pgp desktop is getting this info; it is putting check mark for "zip" though while creation I passed zip/zlib for " PGPSignatureSubpacketGenerator" as preferred compression algos.

 

 

 

 

Thanks and Regards

Venu

620  W. Covina Blvd

San Dimas, CA  91773

909-592-6411 Ext 2180

909-772-4045 (Cell)

11560 (Direct Connect)


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.