Nils Larsch wrote:
due to the somewhat unfortunate binding between the digest type
and signature algorithms "-sha512" could only be used in combination
with the RSA algorithm (this will hopefully change in a future
version). Furthermore the X9.62 (the ecdsa standard) version on
which this implementation is based allows only SHA-1 (don't know
whether a revised X9.62 version has already been released) => if
you want to create ecdsa signatures with the dgst command you should
try something like:
openssl dgst -ecdsa-with-SHA1 ...
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
I appreciate the info, but I'm still getting an error when I use your
syntax to verify (shown below). Any ideas? Without delving deeply into
the source, this is becoming very difficult to debug. Is there some
place where all these functions are documented, or are they generally
left out of the docs since they are so new?
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -sign
ec.key.prime192v2.pem -out ec.test.sig.hex.sha512 .viminfo
[EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -verify
ec.key.prime192v2.pem.pub -signature ec.test.sig.hex.sha512 .viminfo
Error Verifying Data
12313:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long:asn1_lib.c:142:
12313:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header:tasn_dec.c:1269:
12313:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:374:Type=ECDSA_SIG
[EMAIL PROTECTED]:~$
Thanks,
Lloyd Brown
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]