Is one of these (or something else) more standard than the alternatives?
verify(message, signature, publicKey)
vs
verify(signature, message, publicKey)
I would go for:
verify(publicKey, message, signature)
and there is objective reasoning behind it. Normally you first have to provide the public key (e.g. in an init method in the case of Java), then the data itself (e.g. in an update method) and finally you verify the actual signature. Note that the publicKey is often static; I personally prefer those at the start of the method.
Likewise, the signature generation would be:
sign(privateKey, message): signature
As you can see, nicely symmetric.
And since you are asking for a standard:
RSASSA-PSS-VERIFY ((n, e), M, S)
where (n, e) is the public key. This is straight out of RFC 3447 describing the RSA Cryptography Specifications.
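The key, then data, then signature order described in the answer above, written against Java's java.security.Signature as an added example (not code from the original post). The class name, the PSS parameters (SHA-256, MGF1 with SHA-256, 32-byte salt), the throwaway 2048-bit key and the sample message are assumptions made for illustration; the "RSASSA-PSS" algorithm name needs Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class SignatureOrderDemo {
    // Assumed parameters for this example: SHA-256, MGF1/SHA-256, 32-byte salt.
    private static final PSSParameterSpec PSS =
        new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    // sign(privateKey, message): signature
    static byte[] sign(PrivateKey privateKey, byte[] message) throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(PSS);
        s.initSign(privateKey);   // 1. key
        s.update(message);        // 2. data
        return s.sign();          // 3. signature
    }

    // verify(publicKey, message, signature): arguments in the order the API consumes them
    static boolean verify(PublicKey publicKey, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(PSS);
        s.initVerify(publicKey);  // 1. key
        s.update(message);        // 2. data
        try {
            return s.verify(signature); // 3. signature
        } catch (SignatureException e) {
            return false; // malformed or wrong-length signature bytes: reject
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated per run
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), msg);

        System.out.println("correct order:   " + verify(kp.getPublic(), msg, sig));
        // message and signature are both byte[], so a swap compiles and only fails at runtime
        System.out.println("swapped args:    " + verify(kp.getPublic(), sig, msg));
        msg[0] ^= 1; // flip one bit of the message
        System.out.println("tampered message: " + verify(kp.getPublic(), msg, sig));
    }
}
```

Because message and signature share the type byte[], the compiler cannot catch a swapped call, which is why a fixed, documented argument order matters; distinct wrapper types for the two would turn the mistake into a compile error.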