[Pki-users] Padding Scheme used in Fedora Dogtag

Fraser Tweedale ftweedal at redhat.com
Wed Mar 15 10:39:24 UTC 2017


On Wed, Mar 15, 2017 at 01:01:10PM +0530, Kaamel Periora wrote:
> thanks all,
> 
> So DogTag supports only PKCS #1 v1.5 padding. Is there a way to identify
> this setting via any admin interface?
> 
There is no setting to control this; it's just how the software is
currently implemented.

If you require support for PSS please file a ticket:
https://pagure.io/dogtagpki/new_issue

Cheers,
Fraser

> 
> 
> On Tue, Mar 14, 2017 at 9:33 AM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> 
> > On Tue, Mar 14, 2017 at 03:35:49AM +0000, Michael StJohns wrote:
> > > *beats head against wall*. PSS. Not OAEP.   in my defense he did say
> > > encryption, but that's not what dogtag does.
> > >
> > No worries.
> >
> > I checked codebase; no mention of PSS or MGF so I conclude that we
> > do support only PKCS #1 v1.5 padding with RSA signatures.
> >
> > Cheers,
> > Fraser
> >
> > >
> > > On Mon, Mar 13, 2017 at 20:00 Fraser Tweedale <ftweedal at redhat.com>
> > wrote:
> > >
> > > > On Tue, Mar 14, 2017 at 12:45:49AM +0000, Michael StJohns wrote:
> > > > > He's asking whether to use PKCS1v1.5 padding or OAEP padding for RSA
> > > > > signatures.
> > > > >
> > > > > The latter is more secure, the former is much more common and
> > > > implemented.
> > > > >
> > > > The default signature algorithm for RSA is sha256WithRSAEncryption
> > > > (PKCS #1 v1.5 padding).  I'd have to check if we support RSASSA-PSS.
> > > >
> > > > Cheers,
> > > > Fraser
> > > >
> > > > >
> > > > > Mike
> > > > >
> > > > >
> > > > > On Mon, Mar 13, 2017 at 17:56 Fraser Tweedale <ftweedal at redhat.com>
> > > > wrote:
> > > > >
> > > > > > On Tue, Mar 07, 2017 at 01:48:54PM +0530, Kaamel Periora wrote:
> > > > > > > Dear Fraser,
> > > > > > >
> > > > > > > It is for the encryption process related to RSA.
> > > > > > >
> > > > > > I'm sorry, it is still not entirely clear what you are asking.
> > > > > > Could you state from a user perspective the actions you are
> > > > > > interested in, so I can identify exactly which operations are
> > > > > > involved, and answer your question?
> > > > > >
> > > > > > Thanks,
> > > > > > Fraser
> > > > > >
> > > > > > > Is there any literature to refer regarding this specific
> > information
> > > > > > > regarding DogTag?
> > > > > > >
> > > > > > > Regards,
> > > > > > > Kaamel
> > > > > > >
> > > > > > > On Tue, Mar 7, 2017 at 1:43 PM, Fraser Tweedale <
> > ftweedal at redhat.com
> > > > >
> > > > > > wrote:
> > > > > > >
> > > > > > > > On Tue, Mar 07, 2017 at 12:13:12PM +0530, Kaamel Periora wrote:
> > > > > > > > > Dear All,
> > > > > > > > >
> > > > > > > > > It is required to identify the padding scheme used by the
> > Fedora
> > > > > > dogtag
> > > > > > > > > system. Appreciate of someone could shed some light on this
> > > > > > requirement.
> > > > > > > > >
> > > > > > > > > Thanks
> > > > > > > > > Kaamel
> > > > > > > >
> > > > > > > > Hi Kaamel,
> > > > > > > >
> > > > > > > > Padding scheme for what?  Dogtag uses or supports various
> > kinds of
> > > > > > > > encryption and encodings with padding schemes.  Please be more
> > > > > > > > specific.
> > > > > > > >
> > > > > > > > Cheers,
> > > > > > > > Fraser
> > > > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Pki-users mailing list
> > > > > > Pki-users at redhat.com
> > > > > > https://www.redhat.com/mailman/listinfo/pki-users
> > > > > >
> > > >
> >




More information about the Pki-users mailing list