Signature and BodyLength
Faltu Faltu 30 Aug 2007 1:38PM ET
Hi,
The FIX Security protocol says: "Except for StandardTrailer, the whole message contributes to the message signature".
BodyLength is part of the Header, which is included for signature generation. The FIX protocol specifies that BodyLength is calculated based on the fields following BodyLength up to the fields before the CheckSum field.
My question is: Should the signature be considered for the BodyLength calculation during encryption? If yes, during signature generation, the body length may not represent the correct value (as the signature is not added to the field collection), but while decrypting, the body length includes the signature value, which results in a different MD5 hash. One can argue that since the signature is of fixed length, one can estimate the length and add it to the body length. But think of it from an implementation point of view, where the body length is calculated based on the field collection. (One can argue that the signature field can be removed from the field collection before MD5 hash generation during decryption. Then in this case we don't have the actual field collection.)
If no, and if it has been specified in any document, kindly point me to the right resource.
Thanks in Advance.
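
The mismatch described in the post, and the fixed-length estimate it mentions, as an added example that is not part of the original post and not a statement of what the FIX specification requires. It assumes a raw 16-byte MD5 digest stands in for the signature, that SignatureLength (93) and Signature (89) sit in the trailer before CheckSum, and the field values are constructed.

```python
import hashlib

SOH = b"\x01"

def field(tag, value):
    """Encode one tag=value field; value may be str, int or raw bytes."""
    v = value if isinstance(value, bytes) else str(value).encode()
    return str(tag).encode() + b"=" + v + SOH

def body_length(fields):
    """Bytes following the BodyLength field up to the CheckSum field."""
    return sum(len(f) for f in fields)

def signed_bytes(fields, declared_len):
    """Header and body (no trailer): the bytes that feed the digest."""
    return field(8, "FIX.4.2") + field(9, declared_len) + b"".join(fields)

def sig_fields(digest):
    """SignatureLength (93) and Signature (89) as they sit in the trailer."""
    return [field(93, len(digest)), field(89, digest)]

# Constructed sample: the fields between BodyLength and the trailer.
BODY = [field(35, "0"), field(49, "SENDER"), field(56, "TARGET"), field(34, 7)]
# Trailer bytes added by a 16-byte signature; constant, so known in advance.
SIG_OVERHEAD = body_length(sig_fields(bytes(16)))

def roundtrip(reserve):
    """Return (sender digest, receiver digest) for one send/verify cycle."""
    declared = body_length(BODY) + (SIG_OVERHEAD if reserve else 0)
    digest = hashlib.md5(signed_bytes(BODY, declared)).digest()
    # Receiver counts every field before CheckSum, signature fields included
    # (assumption: this is how the post's BodyLength rule is applied).
    wire_len = body_length(BODY + sig_fields(digest))
    return digest, hashlib.md5(signed_bytes(BODY, wire_len)).digest()

if __name__ == "__main__":
    for reserve in (False, True):
        sent, seen = roundtrip(reserve)
        print(f"reserve={reserve}: digests match = {sent == seen}")
```

With `reserve=False` the header hashed by the sender carries a different `9=` value from the one the receiver sees, so the digests differ; adding the constant overhead before hashing makes both sides hash identical bytes.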