Hi,
In order to be able to sign a digest with ECDSA, the bit length of the
digest value must be less than or equal to the bit size of the field used
in the elliptic curve.
So, if you want to sign an SHA-256 digest, you must use an elliptic
curve defined over a field with a bit size greater than
Actually I'm looking for the EVP interface and I found out that 'The EVP
interface should almost always be used in preference to the low level
interfaces. This is because the code then becomes transparent to the
algorithm used and much more flexible'. It might be true but...
...I would like to k
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
> On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
>
> > On Mon, Oct 12, 2009, Victor B. Wagner wrote:
> >
> > >
> > > BTW, it seems that most applications which actually use CRLs, such as
> > > Apache, openvpn and stunnel, do implement loo
On 2009.10.12 at 14:49:23 +0200, Dr. Stephen Henson wrote:
> On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> >
> > BTW, it seems that most applications which actually use CRLs, such as
> > Apache, openvpn and stunnel, do implement lookup of certificate in the CRL
> > in its own code, not relying
On Fri, Oct 09, 2009, Kirk81 wrote:
>
> Hello,
>
> I found your example of ECDSA_do_sign/verify very useful.
>
> Now I'm trying to modify the code and I would like to use an SHA-256's
> message digest in your sign function. Something like:
>
> unsigned char obuf[32];
>
> SHA-256(data, len, o
On Mon, Oct 12, 2009, Victor B. Wagner wrote:
>
> BTW, it seems that most applications which actually use CRLs, such as
> Apache, openvpn and stunnel, do implement lookup of certificate in the CRL
> in its own code, not relying on X509_V_FLAG_CRL_CHECK in X509_STORE.
>
>
In some cases CRL lookup
Hi,
I've found out that the default lookup method X509_LOOKUP_hash_dir caches
certificates and CRLs very aggressively.
Really, it uses X509_load_cert_file and X509_load_crl_file from the
X509_LOOKUP_file method, which always put objects into the memory cache and
never free anything from this cache.
From s