Er O.K. hash +padding is too large for the ECC keysize. Which it almost
certainly will be since the larest ECC key defined is 521 bits.

Peter




From: Massimiliano Pala

To: openssl-dev@openssl.org

Date: 20/03/2008 10:26

Subject: Re: Certs with ECDSA + SHA256






Thanks for the suggestion

I am able to use the SNAP version (although I had to link statically
my application because I have not being able to build the shared lib
version on my system...), although the RSA with SHA2 gives me problem
when I want to use the SHA384 or SHA512 (works ok with SHA224 or SHA256).

Anybody have tried those (>256) with RSA ? The error I get is when I try
to sign the certificate (or the request)

Later,
Max


Larry Bugbee wrote:
>> is it possible to use ECDSA with EVP_MDs other than EVP_dss1() ? I am
>> interested in use it with SHA256, especially in X509 signatures(eg.,
>> certificates, requests, etc... ).

>
> I was successful in pulling and building the 0.9.9 SNAP at
> ftp://ftp.openssl.org/snapshot/
> ECDSA (various curves) with the SHA2 family worked just fine. My only
> problem: I could not build the .dylib files for MacOSX.


--

Best Regards,

Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala@cs.dartmouth.edu

project.manager@openca.org

Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org