[openssl-users] [openssl-dev] pkeyutl does not invoke hash?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Wed Jan 13 21:32:47 UTC 2016
On 1/13/16, 16:19 , "openssl-dev on behalf of Dr. Stephen Henson"
<openssl-dev-bounces at openssl.org on behalf of steve at openssl.org> wrote:
>On Wed, Jan 13, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
>>
>>
>> If the input to "pkeyutl -sign" is supposed to be digest output only - then
>> what’s the point of having command line arguments specifying the digest to
>> use? And if the input can be an arbitrary file (like for "dgst"), then why
>> doesn’t it seem to work?
>>
>> I’d appreciate comments, guidance, etc.
>>
>
>The dgst utility performs hash+sign; the pkeyutl utility is supplied with the
>data to sign (which is usually but not always a hash).

I see. Thank you for explaining!

>The reason you can specify which hash the digest is for is that without that
>the utility just sees binary data of a certain length. By specifying the
>digest it can sanity check the length and in some schemes (e.g. RSA) include
>the digest algorithm in the data being signed (PKCS#1 DigestInfo structure
>for some RSA padding modes).

Can I suggest and ask that all of the above explanation is added
to/included in the pkeyutl man page? I’m sure it would save some grief to
other users.
Thanks!
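
The behaviour described in this thread, as an added example that is not part of the original messages: it signs one message with dgst and with pkeyutl and compares the results. It assumes the openssl command-line tool is on PATH; the RSA key, the message and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: key and message are constructed here, in a temporary directory.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
key=$work/key.pem; msg=$work/msg.txt; hash=$work/msg.sha256

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$key" 2>/dev/null
printf 'constructed sample message, longer than one SHA-256 digest\n' > "$msg"
openssl dgst -sha256 -binary -out "$hash" "$msg"   # 32 raw digest bytes

# dgst: hashes the file, then signs the hash.
sign_with_dgst() { openssl dgst -sha256 -sign "$key" -out "$1" "$msg"; }

# pkeyutl: signs exactly the bytes supplied. $1 = output, $2 = input file,
# remaining arguments are extra options such as -pkeyopt digest:sha256.
sign_with_pkeyutl() {
    out=$1; src=$2; shift 2
    openssl pkeyutl -sign -inkey "$key" -in "$src" -out "$out" "$@" 2>/dev/null
}

# Check a signature the way a dgst user would (hash the message, then verify).
verifies_with_dgst() {
    openssl dgst -sha256 -prverify "$key" -signature "$1" "$msg" >/dev/null 2>&1
}

sign_with_dgst "$work/a.sig"
# Case 1: digest in, digest named -> same DigestInfo, byte-identical signature.
sign_with_pkeyutl "$work/b.sig" "$hash" -pkeyopt digest:sha256
# Case 2: digest in, digest not named -> the bare 32 bytes are padded and signed.
sign_with_pkeyutl "$work/c.sig" "$hash"
# Case 3: whole file in, digest named -> the length sanity check rejects it.
if sign_with_pkeyutl "$work/d.sig" "$msg" -pkeyopt digest:sha256; then
    raw_file_accepted=yes
else
    raw_file_accepted=no
fi

cmp -s "$work/a.sig" "$work/b.sig" && echo "case 1: identical to dgst signature"
verifies_with_dgst "$work/c.sig" || echo "case 2: not a valid dgst signature"
echo "case 3: raw file accepted by pkeyutl? $raw_file_accepted"
```

Case 1 matches byte for byte because RSA PKCS#1 v1.5 signing, the default padding for both commands, is deterministic.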