EdDSA Signing with context
James Muir
muir.james.a at gmail.com
Sun Jun 25 13:05:38 UTC 2023
On Sun., Jun. 25, 2023, 3:02 a.m. , <openssl at symsysresearch.com> wrote:
> I am using OpenSSL (3.1) and working to add EdDSA support to libacvp. I
> have discovered that the EdDSA implementation appears to ignore the
> "context-string" input variable to a signing operation.
>
> The man page for ED448 with 3.1
> (https://www.openssl.org/docs/man3.1/man7/Ed448.html) implies that only
> PureEdDSA is supported. It contains the statement "No additional
> parameters can be set during one-shot signing or verification. In
> particular, because PureEdDSA is used, a digest must NOT be specified
> when signing or verifying." In the notes section, it goes on to say
> "The PureEdDSA algorithm ... ". These statements imply only support for
> Pure EdDSA and *not* pre-hash EdDSA.
>
> The "manmaster" page for ED448
> (https://www.openssl.org/docs/manmaster/man7/Ed448.html) says something
> very different.
Support for all five EdDSA instances from RFC 8032 is available on "master":
https://github.com/openssl/openssl/pull/19705/commits
I don't think it available in a release yet.
-James M
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230625/7e631c32/attachment.htm>
More information about the openssl-users
mailing list