Creating a raw signature of a hex string
Robert Moskowitz
rgm at htt-consult.com
Sun Apr 23 16:42:45 UTC 2023
On 4/23/23 12:04, Viktor Dukhovni wrote:
> On Sun, Apr 23, 2023 at 09:56:40AM -0400, Robert Moskowitz wrote:
>
>> I have a 136 byte object:
>>
>> 2e4a3f5b5e07a1fb254b811f5a1002b10a5fda326d944758324d7f16972aa2f63c4722b92001003ffe001405
> For the record, that's not 136 bytes, it is 88 hex digits (representing
> 44 bytes).
I made too errors doing this too fast. I did not build up the string
with the right stuff. And the 136 is the string-to-sign|64-byte-sig so
I should have said: 72 bytes.
Too tired from a poor nights sleep. No excuses, please... :)
>
>> I want the 64 byte signature.
> Example:
>
> $ openssl pkeyutl -sign -inkey edkey.pem -in /tmp/foo.dat -rawin | xxd -p -c 66
> 4865baed71e2aaba0aef5de8f5f268c93715a9efd86e47de7babaec7868b7f60a9cea24b14016367564999cfa691abdcc0a88c68e6eec52e2476fcf782d93206
>
> One essential ingredient is the "-rawin" option, which bypasses running
> the data through any digest algorithm. OpenSSL presently supports only
> the oneshot "pure" EdDSA signature algorithms, and the "rawin" option is
> necessary to enable their use.
>
> Another essential ingredient is that the input must be available all at
> once (not streamed in chunks), and therefore the input data must be in
> a file, not read from stdin.
What about from a python variable variable? I would assume type binary?
And thanks Viktor!
>
> On Sun, Apr 23, 2023 at 11:38:39AM -0400, James Muir wrote:
>
>> I think you would need an extra step to convert your message from hex to
>> binary.
> Indeed it is important to know whether you're signing the hexadecimal
> string, or the underlying binary data. If it is the hex string, make
> sure the input does not include a terminating newline (LF or CRLF) if
> the signature is to cover just the hex data.
>
More information about the openssl-users
mailing list