EdDSA Signing with context

James Muir muir.james.a at gmail.com
Sun Jun 25 13:05:38 UTC 2023

On Sun., Jun. 25, 2023, 3:02 a.m. , <openssl at symsysresearch.com> wrote:

> I am using OpenSSL (3.1) and working to add EdDSA support to libacvp.  I
> have discovered that the EdDSA implementation appears to ignore the
> "context-string" input variable to a signing operation.
> The man page for ED448 with 3.1
> (https://www.openssl.org/docs/man3.1/man7/Ed448.html) implies that only
> PureEdDSA is supported.  It contains the statement "No additional
> parameters can be set during one-shot signing or verification. In
> particular, because PureEdDSA is used, a digest must NOT be specified
> when signing or verifying."  In the notes section, it goes on to say
> "The PureEdDSA algorithm ... ".  These statements imply only support for
> Pure EdDSA and *not* pre-hash EdDSA.
> The "manmaster" page for ED448
> (https://www.openssl.org/docs/manmaster/man7/Ed448.html) says something
> very different.

Support for all five EdDSA instances from RFC 8032 is available on "master":


I don't think it available in a release yet.

-James M

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230625/7e631c32/attachment.htm>

More information about the openssl-users mailing list