RE: CryptoAPI sign multiple hash

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 07/07/05


Date: Wed, 6 Jul 2005 21:35:01 -0700

It's certainly possible to sign the SAME hash multiple times with different
keys - but I think that's not what you want. Can you please specify what is
your approach?

BTW I (and everybody in the security community) usually strongly advise
AGAINST coming up with your 'simplified' protocol. SSL has been vetted, it's
known to provide security. Your protocol may have hidden problems which only
an experienced cryptanalyst would see - IF anybody would be interested in
reviewing your protocol (usually NOT).

Please stick with known standard crypto algos and protocols.

Laszlo Elteto
SafeNet, Inc.

"fabpet@gmail.com" wrote:

> Hi all,
>
> I recently started developing using MS CryptoAPI, and i wanted to
> develope
> an key agreement mechanism similar to SSL but simpler...
>
> Is possible with criptoAPI to sign multiple hash? For example in SSL i
> have:
>
> digitally-signed struct {
> select(SignatureAlgorithm) {
> case anonymous: struct { };
> case rsa:
> opaque md5_hash[16];
> opaque sha_hash[20];
> case dsa:
> opaque sha_hash[20];
> };
> } Signature;
>
> i have to sign opaque md5_hash[16] and opaque sha_hash[20] of
> something...and i only have CryptSignHash function wich take one Hash.
>
> Is there a way to sign this struct without recalculating an other hash?
>
> regards
> Fabio
>
> P.S.
> Sorry for my english :)
>
>