Re: CALG_SSL3_SHAMD5 support for ClientAuthentication

From: John Banes (jabanes_at_comcast.remove.net)
Date: 10/26/05

  • Next message: Rhett Gong [MSFT]: "RE: Update CSP" 
    Date: Tue, 25 Oct 2005 18:47:26 -0700

    The CALG_SSL3_SHAMD5 algorithm uses a 36 byte hash value (MD5+SHA). There is
    no DER algorithm identifier in the PKCS signature block (per the SSL/TLS
    specification). This is a signature operation so you need to use type 1
    padding. I'm not familiar with the openssl library so I can't comment on the
    exact logistics to make this work using that library. Best of luck!

    Regards,
    John

    <viveque.kumar@gmail.com> wrote in message
    news:1130140396.649027.245530@g49g2000cwa.googlegroups.com...
    > Hi,
    > We are trying to do client authentication using Smart cards on
    > CustomCSP.
    >
    > I see the following taking place when the calls come in
    >> CPAcquireContext has PROV_RSA_FULL set
    >> CryptCreateHash has CALG_SSL3_SHAMD5 set as the algID
    >
    > During the call to CPSignHash, the call finally goes down to the RSAKey
    > class::SignHash() where it fails with an NTE_BAD_ALGID as there is no
    > separate handling for CALG_SSL3_SHAMD5
    >
    > In SignHash() function the following takes place on a piecemeal basis
    > for the different algorithms.
    >
    >> A header DER value is added to the Hash buffer and it's size to the Hash
    >> size
    >> The Hash value is then sent to openssl for PKCS1_type1() padding
    >> The padded data is then sent to be signed by the private key of the
    >> container using PKI
    >
    > Here, I am assuming that to support CALG_SSL3_SHAMD5 if I add another
    > case for the same will make the whole thing work.
    >
    > How do I find out / generate the header DER value for CALG_SSL3_SHAMD5
    > algorithm?
    > Also, the padding should be type1 or type2?
    >
    > Please help, I am very new to CSP and Hashing.
    >
    > - Vivek
    >

  • Next message: Rhett Gong [MSFT]: "RE: Update CSP"

    Relevant Pages

    • Re: SHA-1 vs. triple-DES for password encryption?
      ... be better to use a standard algorithm rather than a home-grown one. ... SHA-1 and 3DES have been reviewed for some time. ... This is where a hash comes in nicely. ... Longer passwords and hashes aid in making the hash much harder to work with. ...
      (SecProg)
    • Re: sort unique
      ... given that a hash table is not ... IMO if the vendor's algorithm does something "obvious", ... function to eliminate keys that hash to the same bucket per some ... strings of random lengths, and two strings are ...
      (comp.lang.lisp)
    • Re: out of memory
      ... read only the smaller file into a hash. ... the smaller file will fit into RAM. ... Depending upon the sorting algorithm this would be Ologor ... put your relevant data into a database and use ...
      (comp.lang.perl.misc)
    • Re: freebsd-updates install_verify routine excessive stating
      ... The algorithm with awk is still the fastest in theory. ... ASSUMING you have a good hash function that yields such result. ... to have enough free inodes on your file system. ...
      (freebsd-hackers)
    • Re: Probabalistic algorithms.
      ... >Hashing is typically just an optimisation. ... all the hash does is guarantee that given some ... >hard to factor the composite into its two prime factors. ... >algorithm that's dfaster than brute force factorisation, ...
      (comp.lang.pascal.delphi.misc)