<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
James,<br>
<br>
thanks I will give this a try. I already have the 1st step via
PyCryptodome, but that code was yet to implement EdDSA signing.<br>
<br>
I am all too familiar with the fighting in Python to get the right
type.<br>
<br>
<div class="moz-cite-prefix">On 4/23/23 11:38, James Muir wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKBUS6yEMXCdZs5i4seK1WbTAGityb9u2ca_OujQ8tfFK+nMfg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">
<div><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun., Apr. 23, 2023,
9:57 a.m. Robert Moskowitz, <<a
href="mailto:rgm@htt-consult.com" moz-do-not-send="true"
class="moz-txt-link-freetext">rgm@htt-consult.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">This is
for work in the IETF DRIP workgroup and the objects
created in<br>
<br>
<a
href="https://datatracker.ietf.org/doc/draft-ietf-drip-auth/"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://datatracker.ietf.org/doc/draft-ietf-drip-auth/</a><br>
<br>
and used in<br>
<br>
<a
href="https://datatracker.ietf.org/doc/draft-moskowitz-drip-a2x-adhoc-session/"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://datatracker.ietf.org/doc/draft-moskowitz-drip-a2x-adhoc-session/</a><br>
<br>
I have a 136 byte object:<br>
<br>
2e4a3f5b5e07a1fb254b811f5a1002b10a5fda326d944758324d7f16972aa2f63c4722b92001003ffe001405<br>
<br>
And a pem formatted private key file (EdDSA25519) file.<br>
<br>
I want the 64 byte signature.<br>
<br>
So far in all my googling I have only found:<br>
<br>
<a
href="https://stackoverflow.com/questions/35443847/how-to-create-detached-cms-signature"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://stackoverflow.com/questions/35443847/how-to-create-detached-cms-signature</a><br>
<br>
and<br>
<br>
openssl cms -sign -signer cert.pem -inkey pkey.pem -binary
-in data <br>
-outform der -out signature<br>
<br>
I think I would cut out the -signer, as no cert, just the
pkey.<br>
<br>
This is NOT cms, no way, but is that needed.<br>
<br>
Basically what do I need to sign a bunch of bytes and get
the signature?<br>
</blockquote>
</div>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Here is a sign/verify example with Ed25519:</div>
<div dir="auto"><br>
</div>
<div dir="auto"><span style="font-size:12.8px">openssl genpkey
-algorithm </span><span
style="color:rgb(32,33,36);background-color:rgb(117,90,11);font-size:12.8px">ED25519</span><span
style="font-size:12.8px"> -out </span><span
style="color:rgb(32,33,36);background-color:rgb(117,90,11);font-size:12.8px">ed25519</span><span
style="font-size:12.8px">-priv.pem</span><br
style="font-size:12.8px">
<span style="font-size:12.8px">openssl pkeyutl -sign -rawin
-in msg.txt -inkey </span><span
style="color:rgb(32,33,36);background-color:rgb(117,90,11);font-size:12.8px">ed25519</span><span
style="font-size:12.8px">-priv.pem -out</span> <span
style="font-size:12.8px">sig.raw</span><br
style="font-size:12.8px">
<span style="font-size:12.8px">openssl pkeyutl -verify -rawin
-in msg.txt -sigfile sig.raw -inkey</span> <span
style="color:rgb(32,33,36);background-color:rgb(117,90,11);font-size:12.8px">ed25519</span><span
style="font-size:12.8px">-priv.pem</span><br>
</div>
<div dir="auto"><span style="font-size:12.8px"><br>
</span></div>
<div dir="auto">I think you would need an extra step to convert
your message from hex to binary.<br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">-James M </div>
<div dir="auto">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>