Er O.K. hash +padding is too large for the ECC keysize. Which it almost
certainly will be since the larest ECC key defined is 521 bits.


From: Massimiliano Pala


Date: 20/03/2008 10:26

Subject: Re: Certs with ECDSA + SHA256

Thanks for the suggestion

I am able to use the SNAP version (although I had to link statically
my application because I have not being able to build the shared lib
version on my system...), although the RSA with SHA2 gives me problem
when I want to use the SHA384 or SHA512 (works ok with SHA224 or SHA256).

Anybody have tried those (>256) with RSA ? The error I get is when I try
to sign the certificate (or the request)


Larry Bugbee wrote:
>> is it possible to use ECDSA with EVP_MDs other than EVP_dss1() ? I am
>> interested in use it with SHA256, especially in X509 signatures(eg.,
>> certificates, requests, etc... ).

> I was successful in pulling and building the 0.9.9 SNAP at
> ECDSA (various curves) with the SHA2 family worked just fine. My only
> problem: I could not build the .dylib files for MacOSX.


Best Regards,

Massimiliano Pala

Massimiliano Pala [OpenCA Project Manager]

Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager