Creating a raw signature of a hex string
rgm at htt-consult.com
Sun Apr 23 16:42:45 UTC 2023
On 4/23/23 12:04, Viktor Dukhovni wrote:
> On Sun, Apr 23, 2023 at 09:56:40AM -0400, Robert Moskowitz wrote:
>> I have a 136 byte object:
> For the record, that's not 136 bytes, it is 88 hex digits (representing
> 44 bytes).
I made two errors doing this too fast. I did not build up the string
with the right stuff. And the 136 is the string-to-sign|64-byte-sig so
I should have said: 72 bytes.
Too tired from a poor night's sleep. No excuses, please... :)
>> I want the 64 byte signature.
> $ openssl pkeyutl -sign -inkey edkey.pem -in /tmp/foo.dat -rawin | xxd -p -c 66
> One essential ingredient is the "-rawin" option, which bypasses running
> the data through any digest algorithm. OpenSSL presently supports only
> the oneshot "pure" EdDSA signature algorithms, and the "rawin" option is
> necessary to enable their use.
> Another essential ingredient is that the input must be available all at
> once (not streamed in chunks), and therefore the input data must be in
> a file, not read from stdin.
What about from a Python variable? I would assume type binary?
And thanks Viktor!
> On Sun, Apr 23, 2023 at 11:38:39AM -0400, James Muir wrote:
>> I think you would need an extra step to convert your message from hex to
> Indeed it is important to know whether you're signing the hexadecimal
> string, or the underlying binary data. If it is the hex string, make
> sure the input does not include a terminating newline (LF or CRLF) if
> the signature is to cover just the hex data.
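An added example, not part of the original thread: one way to sign bytes held in a Python variable with the `openssl pkeyutl -sign -rawin` command quoted above, choosing explicitly between the hex text and the decoded binary. The function names and the sample value are constructed for illustration, and it assumes OpenSSL 3.x on PATH and an Ed25519 key in `edkey.pem`.

```python
# Added example: helper names and sample data are constructed, not from the thread.
import binascii
import os
import shutil
import subprocess
import tempfile


def signing_input(hex_text: str, sign_hex_string: bool = False) -> bytes:
    """Return the exact bytes the signature will cover.

    sign_hex_string=False: the underlying binary data (hex decoded).
    sign_hex_string=True:  the ASCII hex digits themselves.
    A trailing LF or CRLF is dropped either way so it is never signed.
    """
    digits = hex_text.rstrip("\r\n")
    raw = binascii.unhexlify(digits)  # ValueError on odd length or non-hex
    return digits.encode("ascii") if sign_hex_string else raw


def sign_raw(data: bytes, key_path: str) -> bytes:
    """Sign `data` with one-shot EdDSA via openssl pkeyutl -rawin.

    The bytes go through a temporary file because the signer needs the
    whole input at once, from a file rather than stdin.
    """
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    try:
        sig = subprocess.run(
            ["openssl", "pkeyutl", "-sign", "-inkey", key_path,
             "-in", tmp.name, "-rawin"],
            check=True, capture_output=True,
        ).stdout
    finally:
        os.unlink(tmp.name)  # do not leave the message on disk
    if len(sig) != 64:  # assumption: Ed25519 key, so a 64-byte signature
        raise ValueError(f"expected 64 signature bytes, got {len(sig)}")
    return sig


if __name__ == "__main__":
    sample = "0a1b" * 22 + "\n"  # constructed: 88 hex digits plus newline
    msg = signing_input(sample)
    print(len(msg), "bytes to sign")
    if shutil.which("openssl") and os.path.exists("edkey.pem"):
        print(sign_raw(msg, "edkey.pem").hex())
```
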