1

I am switching an application from Python cryptography.io library to pynacl.

The application currently calculates digests of the data, then has the crypto libraries sign the digest.

But pynacl's signing code always requires the full data to be passed in to the sign methods, and it is difficult to do this with the way the code is structured (and may impossible in cases, such as a very large file that cannot be read into memory).

So the two questions are:

  1. Is there a way to simple pass a pre-calcuated digest of my data to a sign function with pynacl and have it just sign with that?
  2. Would there be a security problem in merelty passing the digest of my data as the message, instead of the data directly? (And if so - and recomendations or restrictions on the algorithm or hash size to use with EC25518?)
Brad
  • 11,262
  • 8
  • 55
  • 74
  • 1
    Probably you are looking for something like [Ed25519ph](https://datatracker.ietf.org/doc/html/rfc8032). PyNaCl added at least a low level binding for Ed25519ph in [1.3.0](https://pynacl.readthedocs.io/en/latest/changelog/#id2), presumably [`crypto_sign_ed25519ph_update()`](https://github.com/pyca/pynacl/blob/main/src/nacl/bindings/crypto_sign.py#L212) etc. Whether this is suitable for practice is not clear to me. Anyway, there is nothing in the [documentation](https://pynacl.readthedocs.io/en/latest/) about this (at least I didn't find anything), which means you have to explore it yourself. – Topaco Dec 29 '21 at 23:10
  • 1
    Generally there is no problem passing just the hash. It is often done for e.g. smart cards where sending an entire file is even more bothersome. Of course, the signature function doesn't know what data it is actually signing, but usually that's also true if the data is passed verbatim - it just signs whatever it gets; it's an algorithm after all. – Maarten Bodewes Dec 30 '21 at 01:49

0 Answers0