
How to use CryptoCell to sign data without a hash

In order to implement the standard RSA-PKCS, raw data must be signed with the private key without performing a hash.

All the CRYS functions either want a HASH as input or want to compute a HASH in the sign function.

How can I sign (actually encrypt) data with a private key without using a hash?

  • Instead of using:

        CRYS_RSA_HASH_SHA1_mode = 1,    /*!< The input data will be hashed with SHA1. */

        CRYS_RSA_HASH_SHA224_mode = 2,  /*!< The input data will be hashed with SHA224. */

        CRYS_RSA_HASH_SHA256_mode = 3,  /*!< The input data will be hashed with SHA256. */

        CRYS_RSA_HASH_SHA384_mode = 4,  /*!< The input data will be hashed with SHA384. */

        CRYS_RSA_HASH_SHA512_mode = 5,  /*!< The input data will be hashed with SHA512. */

     

    Try to use:

        CRYS_RSA_After_SHA1_mode = 7,   /*!< The input data is a digest of SHA1 and will not be hashed. */

        CRYS_RSA_After_SHA224_mode = 8, /*!< The input data is a digest of SHA224 and will not be hashed. */

        CRYS_RSA_After_SHA256_mode = 9, /*!< The input data is a digest of SHA256 and will not be hashed. */

        CRYS_RSA_After_SHA384_mode = 10,    /*!< The input data is a digest of SHA384 and will not be hashed. */

        CRYS_RSA_After_SHA512_mode = 11,    /*!< The input data is a digest of SHA512 and will not be hashed. */

  • Good day. Thank you for the response.

    Unfortunately these do not work. The standard RSA-PKCS does not do a hash function before or after the signing.

    The functions you are referring to require the input data to already be the length of the specific hash output and already be in hash format. Variable lengths of data can be expected as input for RSA-PKCS and not in the case of the functions "CRYS_RSA_After_xxx_mode".

  • Are there any updates on this issue?

    Main issue: How can I sign (RSA) data of variable length without using a Hash before or after the signature?

    I want to use the mode CRYS_RSA_HASH_NO_HASH_mode for signing, but this is not allowed for signing.

  • Maybe you are looking at the wrong API?

    There are two encryption APIs in CC310 for RSA:  
    RSA: CRYS_RSA_OAEP_Encrypt() and CRYS_RSA_PKCS1v15_Encrypt()

    Which to use depends on the variant you want to do, in general look at examples here:
    examples\crypto\nrf_cc310\rsa\main.c

  • Both functions mentioned require the UserPubKey_ptr key as input. I want to sign with the private key (basically encrypt with the private key). Will CRYS_RSA_PKCS1v15_Encrypt allow a private key as input?
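
The variable-length, hash-free input discussed in this thread, as an added example (not from the original posts and not Nordic or CryptoCell SDK code): assuming "RSA-PKCS without a hash" means PKCS #1 v1.5 block type 01 padding applied directly to the data, as the PKCS #11 mechanism CKM_RSA_PKCS does, this builds the padded block and parses it strictly on the verifying side. It calls no CRYS function, the private-key operation itself is not shown, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PKCS1_MIN_PAD 8 /* minimum number of 0xFF padding bytes */

/* Build EM = 00 01 FF..FF 00 || data for a k-byte modulus.
 * Returns 0 on success, -1 if data does not fit (maximum is k - 11 bytes). */
int pkcs1_type1_encode(const uint8_t *data, size_t len, uint8_t *em, size_t k)
{
    if (k < PKCS1_MIN_PAD + 3 || len > k - (PKCS1_MIN_PAD + 3))
        return -1;
    size_t pad = k - len - 3;      /* everything not used by data or markers */
    em[0] = 0x00; em[1] = 0x01;    /* leading zero, block type 01 */
    memset(em + 2, 0xFF, pad);
    em[2 + pad] = 0x00;            /* separator before the payload */
    memcpy(em + 3 + pad, data, len);
    return 0;
}

/* Strictly parse a block recovered by the public-key operation.
 * Rejects a wrong header, a missing separator or fewer than 8 pad bytes. */
int pkcs1_type1_decode(const uint8_t *em, size_t k, size_t *off, size_t *len)
{
    if (k < PKCS1_MIN_PAD + 3 || em[0] != 0x00 || em[1] != 0x01)
        return -1;
    size_t i = 2;
    while (i < k && em[i] == 0xFF)
        i++;
    if (i == k || em[i] != 0x00 || i - 2 < PKCS1_MIN_PAD)
        return -1;
    *off = i + 1;                  /* payload starts after the separator */
    *len = k - *off;
    return 0;
}

/* Round trip on constructed sample data (first byte is 0xFF on purpose).
 * Returns 1 if decode recovers exactly the encoded bytes, 0 otherwise. */
int pkcs1_roundtrip_ok(size_t k, size_t len)
{
    uint8_t data[512], em[512];
    size_t off, out_len;
    if (k > sizeof em || len > sizeof data) return 0;
    for (size_t i = 0; i < len; i++) data[i] = (uint8_t)(0xFF - i);
    if (pkcs1_type1_encode(data, len, em, k) != 0) return 0;
    if (pkcs1_type1_decode(em, k, &off, &out_len) != 0) return 0;
    return out_len == len && memcmp(em + off, data, len) == 0;
}
```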
