[strongSwan-dev] RSA-PSS-SHA256

Tobias Brunner tobias at strongswan.org
Tue Feb 6 10:00:07 CET 2018

Hi Sahana,

> Is there a reason why a new errata was not reported with the 2nd and
> 15th byte changed (rightly done as in the current strongswan
> identifier/ASN.1 blob) from the rejected errata?
> Just want to know which ASN.1 blob we should use to interop and maybe
> standardise/generalise it since the RFC ASN.1 blob (72 byte long) and
> the rejected errata are wrong.

Please read Tero's remarks below the errata ("VERIFIER NOTES").  While
as a sender you should e.g. not explicitly encode SHA-1 or send the
trailerField (i.e. the encoding from the errata, with corrected length,
should be used) a recipient must understand both formats.  So the ASN.1
blobs in the RFC are not really wrong (they can be parsed perfectly
fine), they are just too explicit.
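
The recipient-side point above, as an added example that is not part of the original message and is not strongSwan code: a small parser for the RSASSA-PSS-params SEQUENCE (RFC 4055) that fills in the ASN.1 DEFAULTs, so an encoding with an explicit trailerField or explicit SHA-1 compares equal to the one that omits them. The function names and the sample byte strings are constructed for this illustration; the samples cover only the parameters, not the outer AlgorithmIdentifier.

```python
# Added example: accept both explicit-default and omitted-default PSS parameters.
HASHES = {(0x06, bytes.fromhex("2b0e03021a")): "sha1",            # 1.3.14.3.2.26
          (0x06, bytes.fromhex("608648016503040201")): "sha256"}  # 2.16.840.1.101.3.4.2.1
MGF1 = (0x06, bytes.fromhex("2a864886f70d010108"))                # 1.2.840.113549.1.1.8

def tlvs(buf):                        # short-form DER lengths only (params are < 128 bytes)
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] > 0x7F or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated or long-form TLV")
        n = buf[i + 1]
        out.append((buf[i], buf[i + 2:i + 2 + n]))
        i += 2 + n
    return out

def one(buf, tag):                    # exactly one TLV with this tag; return its value
    items = tlvs(buf)
    if len(items) != 1 or items[0][0] != tag:
        raise ValueError("unexpected structure")
    return items[0][1]

def hash_name(body):                  # AlgorithmIdentifier body: OID, then absent or NULL params
    oid, *params = tlvs(body) or [None]
    if oid not in HASHES or params not in ([], [(0x05, b"")]):
        raise ValueError("unsupported hash AlgorithmIdentifier")
    return HASHES[oid]

def parse_pss_params(der):
    fields = tlvs(one(der, 0x30))
    tags = [t for t, _ in fields]     # [0]..[3] EXPLICIT tags, each at most once, in order
    if tags != sorted(set(tags)) or not set(tags) <= {0xA0, 0xA1, 0xA2, 0xA3}:
        raise ValueError("unknown, duplicate or out-of-order field")
    f = dict(fields)
    p = {"hash": "sha1", "mgf_hash": "sha1", "salt_len": 20, "trailer": 1}  # ASN.1 DEFAULTs
    if 0xA0 in f:
        p["hash"] = hash_name(one(f[0xA0], 0x30))
    if 0xA1 in f:
        mgf = tlvs(one(f[0xA1], 0x30))
        if len(mgf) != 2 or mgf[0] != MGF1 or mgf[1][0] != 0x30:
            raise ValueError("unsupported MGF")
        p["mgf_hash"] = hash_name(mgf[1][1])
    for tag, key in ((0xA2, "salt_len"), (0xA3, "trailer")):
        if tag in f:
            p[key] = int.from_bytes(one(f[tag], 0x02), "big")
    if p["trailer"] != 1:
        raise ValueError("unsupported trailerField")
    return p

_H = bytes.fromhex("300d06096086480165030402010500")  # constructed: sha256 AlgorithmIdentifier
_BODY = b"\xa0\x0f" + _H + bytes.fromhex("a11c301a06092a864886f70d010108") + _H + bytes.fromhex("a203020120")
MINIMAL, EXPLICIT = b"\x30\x34" + _BODY, b"\x30\x39" + _BODY + bytes.fromhex("a303020101")
```

Comparing the normalised dictionaries rather than the raw bytes is what lets a verifier treat both encodings as the same algorithm.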

