openssl pkeyutl not truncating input with DSA key
up vote
1
down vote
favorite
I am trying to sign a file directly (not computing any hashes) with openssl pkeyutl using a DSA key, and the man page says that the input should be truncated in case it is larger than the expected hash size.
However, when I run the command
$ openssl pkeyutl -sign -inkey myDSAkey.pem -in file -out file.sign
i get the following message after entering my password :
Public Key operation error
The error does not happen with files smaller than 20 bytes. I am running OpenSSL 1.1.0g
Thanks in advance for your help!
openssl dsa
add a comment |
up vote
1
down vote
favorite
I am trying to sign a file directly (not computing any hashes) with openssl pkeyutl using a DSA key, and the man page says that the input should be truncated in case it is larger than the expected hash size.
However, when I run the command
$ openssl pkeyutl -sign -inkey myDSAkey.pem -in file -out file.sign
i get the following message after entering my password :
Public Key operation error
The error does not happen with files smaller than 20 bytes. I am running OpenSSL 1.1.0g
Thanks in advance for your help!
openssl dsa
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am trying to sign a file directly (not computing any hashes) with openssl pkeyutl using a DSA key, and the man page says that the input should be truncated in case it is larger than the expected hash size.
However, when I run the command
$ openssl pkeyutl -sign -inkey myDSAkey.pem -in file -out file.sign
i get the following message after entering my password :
Public Key operation error
The error does not happen with files smaller than 20 bytes. I am running OpenSSL 1.1.0g
Thanks in advance for your help!
openssl dsa
I am trying to sign a file directly (not computing any hashes) with openssl pkeyutl using a DSA key, and the man page says that the input should be truncated in case it is larger than the expected hash size.
However, when I run the command
$ openssl pkeyutl -sign -inkey myDSAkey.pem -in file -out file.sign
i get the following message after entering my password :
Public Key operation error
The error does not happen with files smaller than 20 bytes. I am running OpenSSL 1.1.0g
Thanks in advance for your help!
openssl dsa
openssl dsa
asked Nov 8 at 11:12
streiter
62
62
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38
add a comment |
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53206584%2fopenssl-pkeyutl-not-truncating-input-with-dsa-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I'm surprised you say no error for too-small file. There is a code change in crypto/dsa/dsa_pmeth.c in 1.1.0 which should cause errors for too-big or too-small, and does so for me; this is reverted for the default case in 1.1.0i (and 1.1.1-pre9), see github.com/openssl/openssl/commit/…
– dave_thompson_085
Nov 8 at 14:18
Thanks a lot! I'll try to update openssl then
– streiter
Nov 8 at 14:38