This is a discussion on Re: PKEYUTL application and ECDSA problem - Openssl ; On Thu, Mar 06, 2008, Alvarez, Daniel wrote: > Hi all: > > > I am trying to sign files with my own program and have followed almost the > same steps as the pkeyutl application included in the OpenSSL ...
On Thu, Mar 06, 2008, Alvarez, Daniel wrote:
> Hi all:
> I am trying to sign files with my own program and have followed almost the
> same steps as the pkeyutl application included in the OpenSSL distribution.
> When I try to sign 'large' files, the pkeyutl tool is not able to sign it
> producing a zero size output signature.
> I have debugged the application and it comes that the input buffer is never
> hashed. Thus, the ecda_do_sign function in ecs_ossl.c always returns
> ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
> when the input buffer is longer than the expected digest size.
> I don't know if it's already being solved but I thought about changing the
> way pkeyutl signs to:
> scheme instead of the existing EVP_PKEY_sign call.
The pkeutil program is meant to do that and provide a command line utility to
allow pre-digested data to be input.
If you want to digest and sign (the usual scheme for bulk data) use the dgst
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project http://www.openssl.org
User Support Mailing List email@example.com
Automated List Manager firstname.lastname@example.org