210561 ✨ [Q]Feb 28

Approximately 15 months after submittng FoI requests for the UK Railway's Barcoded Ticketing specifications, I've just managed to settle the appeal on the cases (on a Saturday of all days).

So, presenting for your reading enjoyment, some PDFs that the Government really didn't want me to get until the last minute: https://magicalcodewit.ch/rsp-specs/

Rail Settlement Plan Barcode Specs

The specifications for UK Railway Barcoded Tickets, provided under the Freedom of Information Act.

Show threadGuillaume EndignouxFeb 28
@q Re RSPS3001: Maybe it was too embarrassing that this standard uses RSA 1024, truncates a SHA-256 to only 8 bytes, and uses a custom way of RSA encryption of the plain data with the private exponent as a form of signing? 🤔
Show thread210561 ✨ [Q]Feb 28
@gendx the last part (signing with encryption) is exactly how bog standard RSA signatures work
Show threadGuillaume Endignoux

@q Aren't you supposed to at least hash the input message though? i.e. `signed_message = M || Enc(H(M))` rather than `Enc(custom_encoding(M))`?

The standard itself says that it's not quite PKCS#7 and that "some libraries may not provide the ability to encrypt [this way]" which didn't seem to bother those writing the spec. 🤔

Feb 28 at 5:23pmWeb
Show thread210561 ✨ [Q]Feb 28
@gendx there is a hash, of 8 bytes. yeah its not great, but neither is it catastrophic. if someone messed up the verifier in any number of ways though it’s insecure.