[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DoS and Replay protection for message signatures
On August 6, 2005 at 18:08, Douglas Otis wrote:
> > The hash is signed just regular data. The hash would be the SHA-1
> > (or maybe other cryptographic hash algorithm) of the body base64
> > encoded. This value is placed in DKIM-Signature for signing.
> Let me try to restate this idea to see if I understand it. You are
> suggesting that there be two hash operations. One first done for the
> message body where this hash value is then placed into the header. The
> second would be for the headers which is verified by the signature.
Yes, but I will try to clarify, hoping to more accurate from a
The body hash is just a cryptographic digest. For purposes of signing,
the data will be part of the input into the signature creation process.
For DKIM, it the hash is included in the DKIM-Signature field.
The "second" hash is intrinsic to the signing process. I.e. A
(RSA) signature is the encryption of a hash (technical details
defined in PKCS#1: RSASSA-PKCS1-v1_5). The signing process operates
on header-only data.
Side Note: Nothing prohibits the "body hash" to also include header
field data. I.e. The signature creation process only operates on
the DKIM-Signature field while the other message header fields are
included in the "body hash". Therefore, the signature itself can
be verified by only processing the DKIM-Signature field. If
cryptographically valid, the "body hash" can be verified (which
includes hashing specified header fields and body).
For purposes of computation, the separtion of the body into a separate
hash does not add any real extra work since the totality of the data
that is hashed is the same (except the addition of the base64 string
representing the body hash).