• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

Signature with ECDSA keys on Mac OSX use always SHA384 hash

New Here ,
Nov 08, 2024 Nov 08, 2024

Copy link to clipboard

Copied

Hi all,

we're using on OSX an application that interfaces with the local keychain and intercepts the signature request issued from Acrobat (like a click on a signature field).

 

When testing this with ECDSA keys of the common secp family and different lenghts we noticed a strange behaviour, Acrobat always use the SHA384 hash algorithm indepentently from the actual key length.

 

To be more clear, for signatures we expected on the "keychain side" a digest fit for an "optimal cryptography", that is something like:

- key secp256 -> digest SHA256

- key secp384 -> digest SHA384

- key secp521 -> digest SHA512

 

Insetad we got:

- key secp256 -> digest SHA384

- key secp384 -> digest SHA384

- key secp521 -> digest SHA384

 

So, is possible that there is a bug somewhere and on OSX Acrobat tries to use incorrectly only the ecdsaSignatureDigestX962SHA384/ecdsaSignatureMessageX962SHA384 methods?

TOPICS
Security digital signatures and esignatures

Views

112

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 12, 2024 Nov 12, 2024

Copy link to clipboard

Copied

One more bit: we probably have undestood that Acrobat on Mac always choose the digest algorithm "looking" at the one that was used to sign the user certificate.

 

I.E., having a user certificate with secp256 keys that is signed by the RootCA with a "SHA384ECDSA" algortihm, when trying to make a signature the digest algorithm chosen by Acrobat will be "SHA384" (and not the expected "SHA256", as from the user's key length), thus will be based on the RootCA signature alg....

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 12, 2024 Nov 12, 2024

Copy link to clipboard

Copied

LATEST
Richard m Singleton

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines