Lloyd Brown wrote:
Hello all,
I'm struggling to get some openssl elliptic curve based file
digest/digital sig work done. I'm able to generate both ec and rsa keys
without a problem, and am trying to digest a file using the "openssl
dgst" command. However, I get something like this:
[EMAIL PROTECTED]:~$ openssl dgst -sha512 -sign ec.key.prime192v2.pem -hex
-out ec.test.sig.hex.sha512 file_to_digest
Error Signing Data
10917:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong
public key type:p_sign.c:103:
[EMAIL PROTECTED]:~$
The exact same syntax when used with an RSA key works fine. What am I
doing wrong? Am I missing something completely obvious?
due to the somewhat unfortunate binding between the digest type
and signature algorithms "-sha512" could only be used in combination
with the RSA algorithm (this will hopefully change in a future
version). Furthermore the X9.62 (the ecdsa standard) version on
which this implementation is based allows only SHA-1 (don't know
whether a revised X9.62 version has already been released) => if
you want to create ecdsa signatures with the dgst command you should
try something like:
openssl dgst -ecdsa-with-SHA1 ...
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
