I see. Steve, what would you suggest to add to the man page, in view of what we’ve been discussing for the last few days here? -- Regards, Uri Blumenthal
On 1/20/16, 11:37 , "openssl-dev on behalf of Dr. Stephen Henson" <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: >On Wed, Jan 20, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > >> On 1/20/16, 5:10 , "Hubert Kario" <hka...@redhat.com> wrote: >> >> It appears to me that pkeyutl is more an instrument to access those >> primitive operations, unlike dgst that provides access to the ???true??? >> (complete) signature function that includes hashing. So no matter what >> draft-josefsson-eddsa-ed25519-02 says, the hashing would have to be done >> in software, and the result passed to the token for the actual signing. >> >> >So, unless the above is false, I'd rather not add such absolute >> >statements. >> >> I see your point. Would leave the decision to you, in light of the >>above. >> Because the exact purpose of pkeyutl is unclear to me, I can???t insist. >> >> Assuming pkeyutl does provide access to the ???complete EdDSA >>function??? as >> specified in the draft above, one possibility is to add even more words, >> and explicitly state where the digest for sure is NOT invoked (RSA, DSA, >> ECDSA), and maybe where it is (EdDSA, maybe other future schemes)... >> >> >But please correct me if I'm wrong. >> >> Likewise. :-) >> > >Well pkeyutl along with pkey and genpkey are algorithm neutral versions of >rsautl, rsa, genrsa. Underneath they access the EVP_PKEY APIs so what >pkeyutl >does is largely governed by how those behave. So while there is some >common >behaviour (e.g. if a digest is specified the input will be a raw digest >with >length sanity checks) what happens in detail is determined by the >algortihms >themselves. > >Support for EdDSA isn't in OpenSSL yet (there are some issues to resolve >in >order to decide how the API will work) so how that will precisely behave >is >not yet defined. > >Steve. >-- >Dr Stephen N. Henson. OpenSSL project core developer. >Commercial tech support now available see: http://www.openssl.org >_______________________________________________ >openssl-dev mailing list >To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev