Hi,
I’m doing a basic sequence of create (pkcs11) + sign (pkcs11) + verify (using OpenSSL), and verification fails.
- creation of the key:
pkcs11-tool.exe -l --keypairgen --pin 123456 --key-type EC:secp384r1 --id 1 --label "ECDSA P384 Key"
- extracting the public key:
pkcs11-tool.exe --read-object --type pubkey --id 1 -o my_pubKey.der
- hashing the data, using OpenSSL:
openssl dgst -sha384 -binary my_binary_to_sign.bin > my_Hashed_binary_to_sign.bin
- signing the data:
pkcs11-tool.exe --id 1 -s -p 123456 -m ECDSA --signature-format openssl -i my_Hashed_binary_to_sign.bin --output-file my_sig.sig
- verify using OpenSSL:
openssl dgst -sha384 -keyform der -verify my_pubKey.der -signature my_sig.sig my_Hashed_binary_to_sign.bin
The last stage produces “Verification Failure”.
It is very important to say that when I replace “sha384” with “sha1” and “ECDSA” with “ECDSA-SHA1”, it works!
I have no idea why.
I would appreciate any help here.
Thanks!
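
The sequence above, reproduced as an added example that is not part of the original post: a raw ECDSA signature is made over a precomputed SHA-384 digest and then checked three ways, showing that `openssl dgst -verify` hashes whatever file it is given. It assumes a software P-384 key generated by `openssl` in place of the token key; the file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added demo, not from the post. A software key stands in for the PKCS#11 key;
# "openssl pkeyutl -sign" plays the role of the raw ECDSA mechanism, which
# signs its input bytes as-is (no hashing) and emits a DER signature.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

setup() {
  openssl ecparam -name secp384r1 -genkey -noout -out "$work/key.pem" 2>/dev/null
  openssl ec -in "$work/key.pem" -pubout -outform DER -out "$work/pub.der" 2>/dev/null
  printf 'constructed sample payload\n' > "$work/data.bin"
  # Same hashing step as in the post: 48-byte binary SHA-384 digest.
  openssl dgst -sha384 -binary "$work/data.bin" > "$work/hash.bin"
  # Raw ECDSA over the digest bytes.
  openssl pkeyutl -sign -inkey "$work/key.pem" -in "$work/hash.bin" -out "$work/sig.der"
}

# dgst hashes its input file, so the original data reproduces the signed digest.
verify_over_original() {
  openssl dgst -sha384 -keyform DER -verify "$work/pub.der" \
    -signature "$work/sig.der" "$work/data.bin" >/dev/null 2>&1
}

# Giving dgst the already-hashed file checks SHA-384(SHA-384(data)),
# which is not the value that was signed.
verify_over_hash_file() {
  openssl dgst -sha384 -keyform DER -verify "$work/pub.der" \
    -signature "$work/sig.der" "$work/hash.bin" >/dev/null 2>&1
}

# pkeyutl -verify does no hashing, so it matches a raw signature over hash.bin.
verify_raw_digest() {
  openssl pkeyutl -verify -pubin -keyform DER -inkey "$work/pub.der" \
    -in "$work/hash.bin" -sigfile "$work/sig.der" >/dev/null 2>&1
}

# A hashing mechanism such as ECDSA-SHA1 digests its input file itself, so the
# signer and "dgst -sha1 -verify" stay consistent when fed the same file.
setup
for check in verify_over_original verify_over_hash_file verify_raw_digest; do
  if "$check"; then echo "$check: OK"; else echo "$check: FAILED"; fi
done
```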