Hi everybody,
I am not at all familiar with OpenSSL or DSA, but I was tinkering around trying to get DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have not seen brought up anywhere else, or documented. Somehow I am not able to sign messages longer than 20 bytes. The error message I am getting back is error:0A070064:lib(10):func(112):reason(100). I have not been able to find further info on this. Is there a maximum digest length? This is how I generate my DSA object. dsa = DSA_generate_parameters(512, NULL, 0, NULL, NULL, NULL, NULL); Thank you very much for your time. -- here dup = negate dup invert negate dup dup + dup dup lshift invert negate dup emit 2tuck rot 2tuck dup lshift + swap ( Andrey/Andrei Warkentin ) invert - emit 2tuck 2swap drop + + dup rot + swap emit rot dup invert negate * + emit drop cr bye |
Andrey Warkentin wrote:
> Hi everybody, > > I am not at all familiar with OpenSSL or DSA, but I was tinkering around > trying to get > DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have > not seen brought > up anywhere else, or documented. Somehow I am not able to sign messages > longer than 20 bytes. > The error message I am getting back is > error:0A070064:lib(10):func(112):reason(100). I have not been able to > find further info on this. Is there a maximum digest length? DSA_sign/DSA_verify expect a SHA-1 message digest as input, hence you need to hash your message before signing it. Alternative you may use EVP_SignInit etc. Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Whoops - thanks a lot! I guess for now I'll use the
SHA1-Init/Update/Final functions, then look at the EVP higher level interface. Thanks again for clarifying it. On 6/15/05, Nils Larsch <[hidden email]> wrote: > Andrey Warkentin wrote: > > Hi everybody, > > > > I am not at all familiar with OpenSSL or DSA, but I was tinkering around > > trying to get > > DSA_sign/DSA_verify to work. I've stumbled upon a peculiar issue I have > > not seen brought > > up anywhere else, or documented. Somehow I am not able to sign messages > > longer than 20 bytes. > > The error message I am getting back is > > error:0A070064:lib(10):func(112):reason(100). I have not been able to > > find further info on this. Is there a maximum digest length? > > DSA_sign/DSA_verify expect a SHA-1 message digest as input, hence > you need to hash your message before signing it. Alternative you > may use EVP_SignInit etc. > > Nils > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [hidden email] > Automated List Manager [hidden email] > -- here dup = negate dup invert negate dup dup + dup dup lshift invert negate dup emit 2tuck rot 2tuck dup lshift + swap ( Andrey/Andrei Warkentin ) invert - emit 2tuck 2swap drop + + dup rot + swap emit rot dup invert negate * + emit drop cr bye ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [hidden email] Automated List Manager [hidden email] |
Free forum by Nabble | Edit this page |