-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
There is no way to perform ECDSA with raw OpenSSL::BN pairs #427
Comments
Because this API should support deterministic K values, placing work on this as dependent on resolving #426 first |
The simple implementation might be to parse the ASN1 and return the two BN values as a helper method as this is a stable OpenSSL API surface. Will implement as a pure Ruby convenance method now that a deterministic Conversely a verify that takes |
Marshaling back and forth from ASN1 is difficult as the handling of BN integers requires it have a non leading 1 to prevent the number being read as negative.
We should add
OpenSSL::PKey::EC#dsa_sign(hash: String, k: , r:) => [ r: OpenSSL:BN, s: OpenSSL:BN ]
andOpenSSL::PKey::EC#dsa_verify(r: OpenSSL:BN, s: OpenSSL:BN) => bool
to support these operations.The native methods would be
ECDSA_do_sign_ex
andECDSA_do_verify
The text was updated successfully, but these errors were encountered: