You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sign signs an arbitrary length hash (which should be the result of hashing a
larger message) using the private key, priv. It returns the signature as a
pair of integers. The security of the private key depends on the entropy of
rand.
However the sign method on ecdsa.PrivateKey uses the msg directly rather than hashing it (and thus ignores the crypto.SignerOpts).
Either the description of the sign function should be changed, or the sign method should perform hashing. I'm not sure what the motivation was for the particular type signature of the sign method but taking a crypto.SignerOpts that is ignored is misleading.
The text was updated successfully, but these errors were encountered:
The argument is called hash and the description says that it "should be the result of hashing a
larger message". Can you suggest a description that that's clearer that the input should already be hashed?
rakyll
changed the title
The sign method on ecdsa.PrivateKey does not hash
crypto/ecdsa: the sign method on ecdsa.PrivateKey does not hash
Jan 14, 2016
The sign function in
ecdsa
states the following:However the sign method on
ecdsa.PrivateKey
uses the msg directly rather than hashing it (and thus ignores thecrypto.SignerOpts
).Either the description of the sign function should be changed, or the sign method should perform hashing. I'm not sure what the motivation was for the particular type signature of the sign method but taking a
crypto.SignerOpts
that is ignored is misleading.The text was updated successfully, but these errors were encountered: