|
|
|
|
|
|
by fweimer
724 days ago
|
|
|
I've used it to confirm that a service computes the RSA signature correctly and just advertises the wrong public key. If the signature is always consistent with some public key, but it's not the right one, that's not very interesting. If the signature sometimes matches the advertised public key, but sometimes it does not, that could point towards a miscomputation that allows recovery of the private key. |
|
|