Creating a raw signature of a hex string
James Muir
muir.james.a at gmail.com
Sun Apr 23 15:38:39 UTC 2023
On Sun., Apr. 23, 2023, 9:57 a.m. Robert Moskowitz, <rgm at htt-consult.com>
wrote:
> This is for work in the IETF DRIP workgroup and the objects created in
>
> https://datatracker.ietf.org/doc/draft-ietf-drip-auth/
>
> and used in
>
> https://datatracker.ietf.org/doc/draft-moskowitz-drip-a2x-adhoc-session/
>
> I have a 136 byte object:
>
>
> 2e4a3f5b5e07a1fb254b811f5a1002b10a5fda326d944758324d7f16972aa2f63c4722b92001003ffe001405
>
> And a pem formatted private key file (EdDSA25519) file.
>
> I want the 64 byte signature.
>
> So far in all my googling I have only found:
>
>
> https://stackoverflow.com/questions/35443847/how-to-create-detached-cms-signature
>
> and
>
> openssl cms -sign -signer cert.pem -inkey pkey.pem -binary -in data
> -outform der -out signature
>
> I think I would cut out the -signer, as no cert, just the pkey.
>
> This is NOT cms, no way, but is that needed.
>
> Basically what do I need to sign a bunch of bytes and get the signature?
>
Here is a sign/verify example with Ed25519:
openssl genpkey -algorithm ED25519 -out ed25519-priv.pem
openssl pkeyutl -sign -rawin -in msg.txt -inkey ed25519-priv.pem -out
sig.raw
openssl pkeyutl -verify -rawin -in msg.txt -sigfile sig.raw -inkey ed25519
-priv.pem
I think you would need an extra step to convert your message from hex to
binary.
-James M
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230423/f0f05741/attachment.htm>
More information about the openssl-users
mailing list