Nils Larsch wrote:


due to the somewhat unfortunate binding between the digest type
and signature algorithms "-sha512" could only be used in combination
with the RSA algorithm (this will hopefully change in a future
version). Furthermore the X9.62 (the ecdsa standard) version on
which this implementation is based allows only SHA-1 (don't know
whether a revised X9.62 version has already been released) => if
you want to create ecdsa signatures with the dgst command you should
try something like:
    openssl dgst -ecdsa-with-SHA1 ...

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


I appreciate the info, but I'm still getting an error when I use your syntax to verify (shown below). Any ideas? Without delving deeply into the source, this is becoming very difficult to debug. Is there some place where all these functions are documented, or are they generally left out of the docs since they are so new?

    [EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -sign ec.key.prime192v2.pem -out ec.test.sig.hex.sha512 .viminfo
    [EMAIL PROTECTED]:~$ openssl dgst -ecdsa-with-SHA1 -hex -verify ec.key.prime192v2.pem.pub -signature ec.test.sig.hex.sha512 .viminfo
    Error Verifying Data
    12313:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
    12313:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1269:
    12313:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=ECDSA_SIG
    [EMAIL PROTECTED]:~$

Thanks,
Lloyd Brown
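
Added example, not part of the thread and not OpenSSL's code: the error above names Type=ECDSA_SIG, the DER structure SEQUENCE { r INTEGER, s INTEGER } that verification decodes from the signature file, while the signing command used -hex, which writes the signature as hex text. This minimal Python decoder (function names are hypothetical, sample values are constructed) shows a binary DER signature parsing and its hex rendering failing at the object header.

```python
# Minimal DER decoder for ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }.
# Added illustration: function names are hypothetical, sample values constructed.
def _read_tlv(buf, pos, expected_tag):
    """Return (value, next_pos) for one DER TLV, or raise ValueError."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if tag != expected_tag:
        raise ValueError(f"bad object header: tag 0x{tag:02x}")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("too long: length exceeds available data")
    return buf[pos:pos + length], pos + length

def parse_ecdsa_sig(der):
    """Decode a binary DER ECDSA signature into (r, s)."""
    body, end = _read_tlv(der, 0, 0x30)        # SEQUENCE
    r_bytes, pos = _read_tlv(body, 0, 0x02)    # INTEGER r
    s_bytes, pos = _read_tlv(body, pos, 0x02)  # INTEGER s
    if end != len(der) or pos != len(body):
        raise ValueError("trailing data")
    return int.from_bytes(r_bytes, "big"), int.from_bytes(s_bytes, "big")

def encode_ecdsa_sig(r, s):
    """Build the DER form (short-form lengths; enough for a 192-bit curve)."""
    ints = [v.to_bytes(v.bit_length() // 8 + 1, "big") for v in (r, s)]
    body = b"".join(bytes([0x02, len(i)]) + i for i in ints)
    return bytes([0x30, len(body)]) + body

def classify(sig_file_bytes):
    """Say whether a signature file holds binary DER or hex text of it."""
    try:
        parse_ecdsa_sig(sig_file_bytes)
        return "binary DER"
    except ValueError as exc:
        try:
            parse_ecdsa_sig(bytes.fromhex(sig_file_bytes.strip().decode("ascii")))
            return f"hex text of a DER signature ({exc})"
        except ValueError:
            return f"not an ECDSA signature ({exc})"

# Constructed 192-bit sample values (not a real signature), plus the hex-text form.
SAMPLE_DER = encode_ecdsa_sig(0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF,
                              0xFEDCBA9876543210FEDCBA9876543210FEDCBA9876543210)
SAMPLE_HEX_FILE = SAMPLE_DER.hex().encode() + b"\n"
```

The OpenSSL dgst documentation notes that hex signatures cannot be verified directly and must first be converted back to binary, for example with `xxd -r`.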
