Re: [openssl-users] ECDSA sign/verify input data size
Bonjour, Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message. -- Erwann ABALEA - paléogallicisme: style vieille France Le 06/08/2012 13:11, Mohammad Khodaei a écrit : Hello, I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes? Thanks a lot __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] ECDSA sign/verify input data size
Yes, it's correct. Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on my security knowledge, I thought that the signing algorithms perform hashing internally, while in this case it is not true. Thanks for the response. From: Erwann Abalea erwann.aba...@keynectis.com To: openssl-users@openssl.org Cc: Mohammad Khodaei m_khod...@yahoo.com Sent: Monday, August 6, 2012 2:14 PM Subject: Re: [openssl-users] ECDSA sign/verify input data size Bonjour, Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message. -- Erwann ABALEA - paléogallicisme: style vieille France Le 06/08/2012 13:11, Mohammad Khodaei a écrit : Hello, I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes? Thanks a lot __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] ECDSA sign/verify input data size
Use the EVP_* interface for high-level functions. Use ECDSA_do_sign() or other low-level functions if you're absolutely sure about what you're doing. -- Erwann ABALEA Le 06/08/2012 14:31, Mohammad khodaei a écrit : Yes, it's correct. Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on my security knowledge, I thought that the signing algorithms perform hashing internally, while in this case it is not true. Thanks for the response. *From:* Erwann Abalea erwann.aba...@keynectis.com *To:* openssl-users@openssl.org *Cc:* Mohammad Khodaei m_khod...@yahoo.com *Sent:* Monday, August 6, 2012 2:14 PM *Subject:* Re: [openssl-users] ECDSA sign/verify input data size Bonjour, Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message. -- Erwann ABALEA - paléogallicisme: style vieille France Le 06/08/2012 13:11, Mohammad Khodaei a écrit : Hello, I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes? Thanks a lot __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org mailto:openssl-users@openssl.org Automated List Manager majord...@openssl.org mailto:majord...@openssl.org
Re: [openssl-users] ECDSA sign/verify input data size
Thanks for the comment. I am searching on the net to find a sample to start. Do you know any sample to start working with EVP_* interfaces for elliptic curve? Thanks From: Erwann Abalea erwann.aba...@keynectis.com To: openssl-users@openssl.org Cc: Mohammad khodaei m_khod...@yahoo.com Sent: Monday, August 6, 2012 3:42 PM Subject: Re: [openssl-users] ECDSA sign/verify input data size Use the EVP_* interface for high-level functions. Use ECDSA_do_sign() or other low-level functions if you're absolutely sure about what you're doing. -- Erwann ABALEA Le 06/08/2012 14:31, Mohammad khodaei a écrit : Yes, it's correct. Now I try to feed the ECDSA_do_sign with the output buffer of SHA256. Based on my security knowledge, I thought that the signing algorithms perform hashing internally, while in this case it is not true. Thanks for the response. From: Erwann Abalea erwann.aba...@keynectis.com To: openssl-users@openssl.org Cc: Mohammad Khodaei m_khod...@yahoo.com Sent: Monday, August 6, 2012 2:14 PM Subject: Re: [openssl-users] ECDSA sign/verify input data size Bonjour, Which part of the examples did you mimic? 32 bytes is the length of a SHA256, it's also the max message length of a 256bits ECDSA key. Whence, I assume you're doing straight ECDSA_do_sign() without hashing and padding the message. -- Erwann ABALEA - paléogallicisme: style vieille France Le 06/08/2012 13:11, Mohammad Khodaei a écrit : Hello, I have used ECDSA APIs to sign and verify some data. The sample example I have used to do so is like this: http://old.nabble.com/Bug-in-ECDSA_do_sign--td1071562.html Now, the problem is that it seems there is some kind of limitations on the input data size. Whenever I want to verify the signature on a string, it calculates the signature verification only on the first 32 characters and it skips the rest of the string. It is a bit strange for me since I feed the function with correct length. Any idea where is my mistakes? Thanks a lot __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org