32 bytes means you're signing using RSA-WITH-SHA-256, yes? tbs is the digest value you calculated, tbslen is the size in bytes of the digest. -Kyle H On Tue, Apr 7, 2020 at 1:07 PM Jason Proctor <jason@xxxxxxxxxxxxxxx> wrote: > > Esteemed cryptologists, > > Question regarding the "tbslen" parameter to the sign and verify > functions. The documentation says -- > > "The verified data (i.e. the data believed originally signed) is > specified using the tbs and tbslen parameters." > > Which might indicate that tbslen is the length of the payload. However > I found that I had to set this to the length of the *signature* to get > these calls to work. The sign() operation fails at rsa_pmeth.c line > 134, and the debugger does indeed tell me that it's expecting 32 > there, rather than the payload length which is 1024. > > Is this correct? Anything I'm missing, here? > > thanks for any clarity here > Jason@Spatial
