On 8/11/06, Andy Stewart <ruth_andy / fastmail.fm> wrote:
> So what's the difference between:
>
> - a signature specifying RSA on top of SHA-1
> - RSA encryption using a private key of SHA-1 hashed data?
>
> Conceptually they are the same, I believe, so why do
> RSA::private_encrypt and RSA::sign behave differently?

The protocol for digital signatures (oversimplifying) is to encrypt
(sign) with a private key and decrypt (verify) with a public key.
That's what RSA::private_encrypt is for. (If you're using encryption
in order to hide data instead of verify it, you encrypt with a public
key.)

But asymmetric encryption is exceptionally costly, so signatures are
always done by encrypting a "digest" (a cryptographically-strong hash)
of the plaintext rather than the whole text- that's where SHA-1 comes
in. Now you only have to encrypt 20 bytes with your private key.

RSA::sign does the hashing as well as the encrypting for you. It's a
convenience function. Several layers below, a private-key encryption
gets done just as with RSA::private_encrypt.