ECDSA Signs Using OpenSSL Without Hash Encoding ASN1

I'm doing ECDSA signatures using the dgst command with OpenSSL as follows:

openssl dgst -sha256 -sign key.pem -out my_signature data_file

which works great. However, I read in this SO answer that it first hashes data_file with SHA256 and ASN.1-encodes the hash before signing it.

I would like to create a SHA256 hash of data and make the ECDSA sign only the raw bytes of this hash. (Since this is an ECDSA signature, I cannot use rsautl, as in the SO answer mentioned.)

How to achieve this using OpenSSL?

+1
1 answer

You can do this with the help of openssl pkeyutl, which replaces openssl rsautl and supports ECDSA.

, data.txt openssl. :

openssl dgst -sha256 -binary -out data.sha256 data.txt

, :

openssl pkeyutl -sign -inkey private.pem -in data.sha256 -out data.sig

ASN.1. r s openssl asn1parse:

openssl asn1parse -inform DER -in data.sig
+1
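
The steps from the answer as one script, added here as an example that is not part of the original answer. It also verifies the signature against the raw digest and, with openssl dgst -verify, against the original file. The throwaway prime256v1 key, the file names and the sample message are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: ECDSA-sign a raw SHA-256 digest, then verify it two ways.
# The prime256v1 key, file names and message are constructed for this demo.
sign_raw_digest_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        printf 'constructed sample message\n' > data.txt
        openssl ecparam -name prime256v1 -genkey -noout -out private.pem || exit 1
        openssl ec -in private.pem -pubout -out public.pem 2>/dev/null || exit 1

        # Step 1: raw 32-byte digest, no ASN.1 wrapper around the hash
        openssl dgst -sha256 -binary -out data.sha256 data.txt || exit 1
        [ $(wc -c < data.sha256) -eq 32 ] || exit 1

        # Step 2: sign exactly those 32 bytes
        openssl pkeyutl -sign -inkey private.pem -in data.sha256 \
            -out data.sig || exit 1

        # Check A: verify against the raw digest
        openssl pkeyutl -verify -pubin -inkey public.pem -in data.sha256 \
            -sigfile data.sig >/dev/null || exit 1

        # Check B: dgst hashes data.txt itself and accepts the same signature
        openssl dgst -sha256 -verify public.pem -signature data.sig \
            data.txt >/dev/null || exit 1

        # Check C: a digest of different data must be rejected
        printf 'tampered message\n' | openssl dgst -sha256 -binary > bad.sha256
        if openssl pkeyutl -verify -pubin -inkey public.pem -in bad.sha256 \
            -sigfile data.sig >/dev/null 2>&1; then exit 1; fi

        # The signature is a DER SEQUENCE of two INTEGERs (r and s)
        [ $(openssl asn1parse -inform DER -in data.sig | grep -c INTEGER) -eq 2 ]
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

sign_raw_digest_demo && echo "raw-digest ECDSA signature verified"
```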

Source: https://habr.com/ru/post/1693645/

