yuvadm / greenpass

Signature verification for the Green Pass (התו הירוק)
GNU General Public License v3.0

Why is signing the hash and not the payload a pitfall? #1

Closed: chaosite closed this issue 3 years ago

chaosite commented 3 years ago

Isn't that a best practice?

yuvadm commented 3 years ago

Simply, it's an unnecessary complication that adds no value to the signature scheme and only causes confusion to developers.

chaosite commented 3 years ago

But if you sign the actual payload, then you have to deal with padding manually, and you're not guaranteed that the signature will always be the same size and so on...

But reading the code, it seems that what you mean is that the message is actually hashed twice? First manually, then as part of the signing operation?

yuvadm commented 3 years ago

Padding is handled by PKCS#1 v1.5, and you're correct about the double hashing. We'll clarify that in the README.

The crux of the issue is that most crypto APIs will handle padding and hashing for you, given a pub key, payload and a signature to verify. This is true in Python cryptography, in openssl, and in any other common crypto library.

So yes, the extra hashing step is redundant.
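An added example (not part of this thread or of the greenpass code): a standard-library sketch of what a PKCS#1 v1.5 sign/verify call does internally, showing why pre-hashing the payload yields a double hash and why the signature size never depends on the payload. The toy key, the use of SHA-256, the sample payload and the choice of raw digest bytes as the signed message are assumptions.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes). Illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus (and signature) size in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """Hash, then pad: the step a crypto API performs for the caller."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    """API-style sign: takes the message, hashes and pads it internally."""
    em = int.from_bytes(emsa_pkcs1_v15(message), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """API-style verify: takes the message, not a digest."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(message)


def issuer_sign_prehashed(payload: bytes) -> bytes:
    """Assumed issuer behaviour: hash manually, then call sign(), which hashes again."""
    return sign(hashlib.sha256(payload).digest())


PAYLOAD = b'{"id": "constructed-sample", "valid": true}'  # constructed sample

if __name__ == "__main__":
    sig = issuer_sign_prehashed(PAYLOAD)
    # Handing the payload to verify() fails: the signature covers SHA256(SHA256(payload)).
    print("verify(payload):", verify(PAYLOAD, sig))
    # The verifier has to repeat the redundant manual hash first.
    print("verify(sha256(payload)):", verify(hashlib.sha256(PAYLOAD).digest(), sig))
    # Signature length is fixed by the key, whatever the message size.
    print(len(sign(b"x")), len(sign(b"x" * 100000)), K)
```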