Signature for pre-hashed messages (slice input) #525
Comments
This is a somewhat dangerous API in that failure to use a hash function on the input message can lead to arbitrary signature forgeries. For that reason we do not provide a high-level interface to it. If you really, really need such an API, you'll need to use the low-level https://docs.rs/ecdsa/latest/ecdsa/hazmat/trait.SignPrimitive.html

You can compute a scalar from a known existing digest using
I managed to have something working. This is a reference for whoever tries to do something similar:

```rust
use ecdsa::{
    elliptic_curve::{
        generic_array::{typenum::U32, GenericArray},
        ops::Reduce,
    },
    hazmat::{rfc6979_generate_k, SignPrimitive},
    signature::PrehashSignature,
    RecoveryId,
};
use k256::{
    ecdsa::{Signature, SigningKey},
    NonZeroScalar, Scalar, U256,
};
use rand::rngs::OsRng;

/// Sign a 32-byte digest that was computed elsewhere.
/// The caller must make sure `hash` really is the output of a hash function;
/// the primitive signs whatever 32 bytes it is handed.
fn sign_prehashed(hash: [u8; 32]) -> (Signature, Option<RecoveryId>) {
    let signing_key = SigningKey::random(&mut OsRng);

    // Interpret the digest as a big-endian integer and reduce it modulo the
    // curve order n; this is the `z` value of the ECDSA equations.
    let hash_array: GenericArray<u8, U32> = GenericArray::clone_from_slice(&hash);
    let hash_scalar = <Scalar as Reduce<U256>>::from_be_bytes_reduced(hash_array);

    // The private key as a non-zero scalar, which is what the hazmat traits operate on.
    let priv_bytes = signing_key.to_bytes();
    let priv_scalar = <NonZeroScalar as Reduce<U256>>::from_be_bytes_reduced(priv_bytes);

    // Deterministic nonce per RFC 6979, derived from the private key and the digest.
    let k = rfc6979_generate_k::<_, <Signature as PrehashSignature>::Digest>(
        &priv_scalar,
        &hash_scalar,
        &[],
    );

    // `k` is a `Zeroizing<NonZeroScalar>`; `**k` yields the underlying `Scalar`.
    priv_scalar
        .try_sign_prehashed(**k, hash_scalar)
        .expect("signing a valid digest with a valid key should not fail")
}
```
I'm struggling to understand how I can sign a byte array (or a slice) containing an already hashed message.

Given that I have a byte array containing a 32-byte hash, I would like to perform something like:

I see that there is `signing_key.sign_digest()`. But that is not what I want since I don't have a `Digest` implementation here.

Thank you