On Sun., Apr. 23, 2023, 9:57 a.m. Robert Moskowitz, <rgm@xxxxxxxxxxxxxxx> wrote:
This is for work in the IETF DRIP workgroup and the objects created in
https://datatracker.ietf.org/doc/draft-ietf-drip-auth/
and used in
https://datatracker.ietf.org/doc/draft-moskowitz-drip-a2x-adhoc-session/
I have a 136 byte object:
2e4a3f5b5e07a1fb254b811f5a1002b10a5fda326d944758324d7f16972aa2f63c4722b92001003ffe001405
And a pem formatted private key file (EdDSA25519) file.
I want the 64 byte signature.
So far in all my googling I have only found:
https://stackoverflow.com/questions/35443847/how-to-create-detached-cms-signature
and
openssl cms -sign -signer cert.pem -inkey pkey.pem -binary -in data
-outform der -out signature
I think I would cut out the -signer, as no cert, just the pkey.
This is NOT cms, no way, but is that needed.
Basically what do I need to sign a bunch of bytes and get the signature?
Here is a sign/verify example with Ed25519:
openssl genpkey -algorithm ED25519 -out ed25519-priv.pem
openssl pkeyutl -sign -rawin -in msg.txt -inkey ed25519-priv.pem -out sig.raw
openssl pkeyutl -verify -rawin -in msg.txt -sigfile sig.raw -inkey ed25519-priv.pem
openssl pkeyutl -sign -rawin -in msg.txt -inkey ed25519-priv.pem -out sig.raw
openssl pkeyutl -verify -rawin -in msg.txt -sigfile sig.raw -inkey ed25519-priv.pem
I think you would need an extra step to convert your message from hex to binary.
-James M
