On Thu, Mar 06, 2008, Alvarez, Daniel wrote:

> Hi all:
>
> I am trying to sign files with my own program and have followed almost the
> same steps as the pkeyutl application included in the OpenSSL distribution.
> When I try to sign 'large' files, the pkeyutl tool is not able to sign it
> producing a zero size output signature.
>
> I have debugged the application and it comes that the input buffer is never
> hashed. Thus, the ecdsa_do_sign function in ecs_ossl.c always returns
>
> ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
>
> when the input buffer is longer than the expected digest size.
>
> I don't know if it's already being solved but I thought about changing the
> way pkeyutl signs to:
>
> EVP_SignInit
> EVP_SignUpdate
> EVP_SignFinal
>
> scheme instead of the existing EVP_PKEY_sign call.
>
The pkeyutl program is meant to do that and provide a command line utility to
allow pre-digested data to be input.

If you want to digest and sign (the usual scheme for bulk data) use the dgst
utility instead.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
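The two paths described in the reply, as an added example that is not part of the original thread: dgst hashes and signs the file in one step, while pkeyutl is given only a digest computed beforehand. File names, the P-256 key and the 1 MiB sample file are constructed for illustration; with ECDSA both signatures verify against the same file because pkeyutl signs its input bytes as the digest.

```shell
#!/bin/sh
# Added example: ECDSA signing of bulk data with the openssl CLI.
# All file names and the 1 MiB sample file are constructed for this demo.

# Create a P-256 key pair and a 1 MiB sample file in directory $1.
make_fixture() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" &&
    openssl pkey -in "$1/key.pem" -pubout -out "$1/pub.pem" &&
    dd if=/dev/zero of="$1/data.bin" bs=1024 count=1024 2>/dev/null
}

# Digest and sign in one step (the usual scheme for bulk data).
# usage: sign_bulk KEY FILE SIGOUT
sign_bulk() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Hash first, then hand only the 32-byte digest to pkeyutl.
# usage: sign_predigested KEY FILE SIGOUT
sign_predigested() {
    openssl dgst -sha256 -binary "$2" > "$3.digest" &&
    openssl pkeyutl -sign -inkey "$1" -in "$3.digest" -out "$3"
}

# Verify a signature against the file itself; dgst re-hashes the file.
# usage: verify_bulk PUBKEY SIG FILE   (exit status 0 = valid)
verify_bulk() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# Run both signing paths in a scratch directory and cross-verify them.
demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" &&
    sign_bulk "$d/key.pem" "$d/data.bin" "$d/dgst.sig" &&
    sign_predigested "$d/key.pem" "$d/data.bin" "$d/pkeyutl.sig" &&
    verify_bulk "$d/pub.pem" "$d/dgst.sig" "$d/data.bin" &&
    verify_bulk "$d/pub.pem" "$d/pkeyutl.sig" "$d/data.bin" &&
    echo "both signatures verify against data.bin"
    rc=$?; rm -rf "$d"; return $rc
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to exercise both paths end to end.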