pkeyutl finally grew a -digest switch in OpenSSL 3 to automatically compute the hash of a large input prior to signing it, which is useful to cut out one extra step.
Great! OpenSSL gets updated with new features and option with every update.. I guess it's time to update my videos as well. haha.. Thanks for commenting!
I apreciate your effort, but i have a question. are you sure we are supposed to pass the hash as an input for the verification command using 'openssl pkeyutl' ?
Good questions! Yes, when generating a hash-based signature, you pass the hash as input instead of the actual data. This approach is particularly useful for signing large files. If you're using an RSA-2048 sized key, keep in mind that you're limited to 245 bytes as the size of input. In such cases, opting for a fixed-length hash is considered a better option.
@@CyberHashira Also because signing hashes, rather than their originating data, protects against potential attacks when the data to sign is very small, ruclips.net/video/s22eJ1eVLTU/видео.html&pp=ygUXY29tcHV0ZXJwaGlsZSBzaWduYXR1cmU%3D
pkeyutl finally grew a -digest switch in OpenSSL 3 to automatically compute the hash of a large input prior to signing it, which is useful to cut out one extra step.
Great! OpenSSL gets updated with new features and option with every update.. I guess it's time to update my videos as well. haha..
Thanks for commenting!
I apreciate your effort, but i have a question.
are you sure we are supposed to pass the hash as an input for the verification command using 'openssl pkeyutl' ?
Good questions!
Yes, when generating a hash-based signature, you pass the hash as input instead of the actual data. This approach is particularly useful for signing large files. If you're using an RSA-2048 sized key, keep in mind that you're limited to 245 bytes as the size of input. In such cases, opting for a fixed-length hash is considered a better option.
@@CyberHashira Also because signing hashes, rather than their originating data, protects against potential attacks when the data to sign is very small, ruclips.net/video/s22eJ1eVLTU/видео.html&pp=ygUXY29tcHV0ZXJwaGlsZSBzaWduYXR1cmU%3D