GH554: Improve pkeyutl doc
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This commit is contained in:
Hubert Kario
Rich Salz
parent
b698174493
commit
53619f9f40
1 changed files with 13 additions and 0 deletions
|
|
@ -137,6 +137,19 @@ Unless otherwise mentioned all algorithms support the B<digest:alg> option
|
|||
which specifies the digest in use for sign, verify and verifyrecover operations.
|
||||
The value B<alg> should represent a digest name as used in the
|
||||
EVP_get_digestbyname() function for example B<sha1>.
|
||||
This value is used only for sanity-checking the lengths of data passed in to
|
||||
the B<pkeyutl> and for creating the structures that make up the signature
|
||||
(e.g. B<DigestInfo> in RSASSA PKCS#1 v1.5 signatures).
|
||||
In case of RSA, ECDSA and DSA signatures, this utility
|
||||
will not perform hashing on input data but rather use the data directly as
|
||||
input of signature algorithm. Depending on key type, signature type and mode
|
||||
of padding, the maximum acceptable lengths of input data differ. In general,
|
||||
with RSA the signed data can't be longer than the key modulus, in case of ECDSA
|
||||
and DSA the data shouldn't be longer than field size, otherwise it will be
|
||||
silently truncated to field size.
|
||||
|
||||
In other words, if the value of digest is B<sha1> the input should be 20 bytes
|
||||
long binary encoding of SHA-1 hash function output.
|
||||
|
||||
=head1 RSA ALGORITHM
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue