1

Apart from obvious performance considerations, is there any mathematical or crypto reasons that imply that we sign a hash rather than a raw content ?

I read that it was because the hash must fit in the modulo size, but on the reverse when one encrypt with a public key RSA, the "size" doesn't seem to be a problem (ex: I never heard something like "we can't encrypt a file bigger than 256 bytes using a RSA public key").

Apart from performance/optimization, why don't we sign raw byte x509 certificate rather than hash ?

crypto-learner
  • 347
  • 4
  • 10
  • While the answers to this question explain it quite well, I want to add that the predominant reason one can encrypt larger files using RSA is hybrid encryption, which is in some sense analogous to signing a hash of the actual message. The size of a message would indeed be a problem in RSA encryption if it hadn't been solved yet. – yyyyyyy Jan 03 '15 at 18:47
  • 1
    The size limitation is similar for encryption and signing. It's the size of the modulus (256 bytes for RSA 2028) minus some space reserved for of padding (40ish bytes). The reason you never heard "we can't encrypt a file bigger than 256 bytes using a RSA public key" is because nobody (competent) does that. RSA encryption is almost always hybrid encryption i.e. you only encrypt a random key with RSA and the rest with symmetric encryption like AES. Just li – CodesInChaos Jan 03 '15 at 18:57
  • Also: a signed x509 cert using this construct would double in size if all of it is signed. Using the sign-the-hash technique on the other hand only required additional space for the size of the hash. – StackzOfZtuff Jan 03 '15 at 19:47

0 Answers0