-
Notifications
You must be signed in to change notification settings - Fork 459
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HASH out value differnet on same file? #206
Comments
It's not unless RFC-6979 is implemented, which is not for |
I assume the ecc_verify() api just authenticates a given sha2 against the signature.. and does not need the rgn number b to do this.
Sent from my T-Mobile 5G Device
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Fabio Utzig ***@***.***>
Sent: Wednesday, March 15, 2023 5:25:51 PM
To: kmackay/micro-ecc ***@***.***>
Cc: Marc Karasek ***@***.***>; Author ***@***.***>
Subject: Re: [kmackay/micro-ecc] HASH out value differnet on same file? (Issue #206)
I assumed that the signature would be the same for the same binary file?
It's not unless RFC-6979 is implemented, which is not for uECC_sign. The library has a function which does a simplified deterministic signature generation, use uECC_sign_deterministic.
—
Reply to this email directly, view it on GitHub<https://url.avanan.click/v2/___https://github.com/kmackay/micro-ecc/issues/206%23issuecomment-1470867291___.YXAzOmluc3BpcmVzZW1pOmE6bzo2YWM0ZjM3MDIyMmFkZGYzOTczZjA5MGM4NmQ4MzI4Mjo2OjhmZTQ6MmQ0MGJjMGZjYWUyMmZjNzFlM2JmNzMyMmE0YjAwY2RhY2RlYzI1NjIxMmQ2MWNmYzI4MDQ0ZjI4Yzg4ZGFjNjpoOlQ>, or unsubscribe<https://url.avanan.click/v2/___https://github.com/notifications/unsubscribe-auth/AR3S6Y5PEOSSJVM336W2773W4IXV7ANCNFSM6AAAAAAV35RU6E___.YXAzOmluc3BpcmVzZW1pOmE6bzo2YWM0ZjM3MDIyMmFkZGYzOTczZjA5MGM4NmQ4MzI4Mjo2OmFiOTg6ZjQ3MDdhYmY3ZWFiMjg5NmI5YzNjMzZiOGJlMzI2MzRiY2UwZDZiOWQ3Y2UwNDFhZjc2YzVmMmMxYWFkZTg0MTpoOlQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
I think as long as the signature created using uECC_sign() is verified by the uECC_verify() function, we are good. |
We plan on using the first api on a PC to sign the binaries and the second api on the device to authenticate so we should be ok.
Marc Karasek
Principal Software Engineer
M: 678.770.3788
***@***.***
www.inspiresemi.com<http://www.cryptocoretech.com/>
THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND/OR EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If the reader of this message is not the intended recipient or agent responsible for delivering the message to the intended recipient, then you are hereby notified that any dissemination or copying of this communication is strictly prohibited. If you have received this electronic transmission in error, please delete it from your system without copying it and notify the sender by reply e-mail so that our address record can be corrected. Thank you.
From: uc-mani ***@***.***>
Sent: Thursday, March 16, 2023 2:12 AM
To: kmackay/micro-ecc ***@***.***>
Cc: Marc Karasek ***@***.***>; Author ***@***.***>
Subject: Re: [kmackay/micro-ecc] HASH out value differnet on same file? (Issue #206)
I think as long as the signature created using uECC_sign() is verified by the uECC_verify() function, we are good.
—
Reply to this email directly, view it on GitHub<https://url.avanan.click/v2/___https:/github.com/kmackay/micro-ecc/issues/206%23issuecomment-1471379349___.YXAzOmluc3BpcmVzZW1pOmE6bzpiOWQxYzk1MGVkYTNmM2M2MzAzMDdkNDA5ZmExMjk5YTo2OmJkNGQ6NTFjNGNiM2EwYmJjNzFhZjAyODNjNTNlMWFiMWU0YWU2NTIxMjVkNzM2Y2M5MWViNjQ2ODI1YmY0NThhZjQ4MzpoOlQ>, or unsubscribe<https://url.avanan.click/v2/___https:/github.com/notifications/unsubscribe-auth/AR3S6YZMRUOPLWLI7QPOQRTW4KVK7ANCNFSM6AAAAAAV35RU6E___.YXAzOmluc3BpcmVzZW1pOmE6bzpiOWQxYzk1MGVkYTNmM2M2MzAzMDdkNDA5ZmExMjk5YTo2OmIxODM6NzkwZmExMjA4ODBiMTA2NzRlM2MzNTg2MTc0ODFjZWU1NzNjMDllMjRjOTA3NjBjNTFhZjg3ZTM3ODc4NDJiYjpoOlQ>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
|
Hey marc, my suggestion is after uECC_sign api. Use the verify uECC api on PC as just an additional step for your signature verification. |
Great minds…. Am already doing that to verify the signature after packaging…
Marc Karasek
Principal Software Engineer
M: 678.770.3788
***@***.***
www.inspiresemi.com<http://www.cryptocoretech.com/>
THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND/OR EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If the reader of this message is not the intended recipient or agent responsible for delivering the message to the intended recipient, then you are hereby notified that any dissemination or copying of this communication is strictly prohibited. If you have received this electronic transmission in error, please delete it from your system without copying it and notify the sender by reply e-mail so that our address record can be corrected. Thank you.
From: uc-mani ***@***.***>
Sent: Friday, March 17, 2023 2:14 AM
To: kmackay/micro-ecc ***@***.***>
Cc: Marc Karasek ***@***.***>; Author ***@***.***>
Subject: Re: [kmackay/micro-ecc] HASH out value differnet on same file? (Issue #206)
We plan on using the first api on a PC to sign the binaries and the second api on the device to authenticate so we should be ok. Marc Karasek Principal Software Engineer M: 678.770.3788 @.***
Hey marc, my suggestion is after uECC_sign api. Use the verify uECC api on PC as just an additional step for your signature verification.
I am following the same approach for Firmware Update.
—
Reply to this email directly, view it on GitHub<https://url.avanan.click/v2/___https:/github.com/kmackay/micro-ecc/issues/206%23issuecomment-1473205958___.YXAzOmluc3BpcmVzZW1pOmE6bzo3NzkwOGVjMDQ1MGIyNWFjNjFhMmY5ZmM5ZjFiZmFhYjo2OjFhMWY6MTA2YjI1MDY4N2E5Njg1NTRjNTYzNTEwMDRhZWQ2N2FjNmRiNjMxOTY3YTFjYWViNDRjMjgxNTk0ZGE0MTA0NjpoOlQ>, or unsubscribe<https://url.avanan.click/v2/___https:/github.com/notifications/unsubscribe-auth/AR3S6Y3EHBRJAAYAK6AVA6LW4P6KDANCNFSM6AAAAAAV35RU6E___.YXAzOmluc3BpcmVzZW1pOmE6bzo3NzkwOGVjMDQ1MGIyNWFjNjFhMmY5ZmM5ZjFiZmFhYjo2OjJiOWM6M2RjOTg5NzNjNDVhNjIwODYxNGMxODQyMjdhNGJhN2YzYWFhMmJiZmNiN2VmMzFhOWVkZWUxMWMwMmM2NDRiMjpoOlQ>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
|
Using : const struct uECC_Curve_t *curve = uECC_secp256k1();
We are using it this way:
uECC_sign(APPPRIVKEY, sha256_output, sizeof(sha256_output), signature, curve);
This is generating a different signature each time we run the same file through this.
Is this expected?
I assumed that the signature would be the same for the same binary file?
The text was updated successfully, but these errors were encountered: