Yes, you are correct. But... For RSA the max size cannot be greater than the 
modulus, and while I agree that usually it would be less, in general it doesn't 
have to be, with no negative impact on security when data to be signed is large 
enough to leave no room for padding. For ECDSA truncating data to be signed 
before the actual signing isn't going to win many friends in the security 
community, especially when this data is not a crypto hash output. 

Semi-related: pkeyutl man page says "only SHA1 for ECDSA". Is it still correct? 
And why such a limitation?

Thanks!

  Original Message  
From: Dr. Stephen Henson
Sent: Thursday, January 14, 2016 19:03
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:

> On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
> <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote:
> 
> >On Thu, Jan 14, 2016, Salz, Rich wrote:
> >
> >> Okay, how about this. First, remove the NOTES subhead. Add this to
> >>the end of the first paragraph:
> >> 
> >> This program does not hash the input data and requires the input data
> >> to be of the proper size, and must not be greater than the size of
> >> the public key field or modulus. See dgst(1) for a unified
> >> interface.
> >> 
> >
> >The comment about the public key field or modulus is only true for some
> >public
> >key algorithms (e.g. RSA).
> 
> Public key modulus would be true for RSA and DSA. Field would be true for
> ECDSA (and I daresay EdDSA). What other signatures do we have?

For RSA the maximum size depends on the padding mode and is typically
less than the modulus.

For ECDSA it can exceed the field size: it is truncated in that case.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
