Hello,
Is it possible to send a hash of a file to the SignServer PlainSigner and get a signature for that?
For example, I have a binary file that I want to sign, but I don't want to send the whole file to SignServer. Instead, I'll compute the hash of the file and then send it to the PlainSigner, which continues the process and returns a signature.
Hi Zafran,
Yes, you can do client-side hashing with the PlainSigner if you configure it with the signature algorithm NONEwithRSA or NONEwithECDSA. Note that for ECDSA it is easy, as the data to send is the hash, while for RSA you need to prepend the hash with an ASN.1 structure describing the hash algorithm (see RFC 3447).
This is described under Plain Signatures on https://doc.primekey.com/signserver/signserver-reference/client-side-hashing.
There is also an example of RSA PKCS#1 signing in one of the junit tests. You should be able to find it if you search for RFC 3447 in the code base.
Cheers,
Markus
PrimeKey Solutions
Very nice, thank you!
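The client-side preparation described in the answer, as an added example that is not part of the original thread or of SignServer's code: it hashes a file in chunks and returns the bytes to submit, the bare hash for a NONEwithECDSA worker and the RFC 3447 DigestInfo-wrapped hash for a NONEwithRSA worker. The function names and the `key_alg` parameter are hypothetical, the sample input is constructed, and submitting the payload to the worker is left out.

```python
import hashlib
import io

# DER-encoded OIDs (tag 0x06 included) for the hash algorithms, per RFC 3447 section 9.2.
HASH_OIDS = {
    "sha1":   bytes.fromhex("06052b0e03021a"),
    "sha256": bytes.fromhex("0609608648016503040201"),
    "sha384": bytes.fromhex("0609608648016503040202"),
    "sha512": bytes.fromhex("0609608648016503040203"),
}

def _der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV; short-form length is enough here (content < 128 bytes)."""
    if len(content) >= 0x80:
        raise ValueError("content too long for short-form DER length")
    return bytes([tag, len(content)]) + content

def hash_stream(stream, hash_alg: str, chunk_size: int = 1 << 16) -> bytes:
    """Hash a file-like object in chunks so large binaries never sit in memory."""
    h = hashlib.new(hash_alg)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()

def digest_info(digest: bytes, hash_alg: str) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier { OID, NULL }, OCTET STRING digest }"""
    if len(digest) != hashlib.new(hash_alg).digest_size:
        raise ValueError("digest length does not match " + hash_alg)
    alg_id = _der(0x30, HASH_OIDS[hash_alg] + b"\x05\x00")
    return _der(0x30, alg_id + _der(0x04, digest))

def plain_signer_payload(stream, key_alg: str, hash_alg: str = "sha256") -> bytes:
    """Bytes to submit for signing: bare hash for ECDSA, DigestInfo-wrapped hash for RSA."""
    digest = hash_stream(stream, hash_alg)
    if key_alg == "ECDSA":      # worker configured with NONEwithECDSA
        return digest
    if key_alg == "RSA":        # worker configured with NONEwithRSA
        return digest_info(digest, hash_alg)
    raise ValueError("unsupported key algorithm: " + key_alg)

if __name__ == "__main__":
    # Constructed sample standing in for a large binary file.
    sample = b"constructed sample standing in for a large binary file\n" * 1000
    for key_alg in ("RSA", "ECDSA"):
        payload = plain_signer_payload(io.BytesIO(sample), key_alg)
        print(key_alg, len(payload), payload.hex())
```

A signature returned for the RSA payload should verify as an ordinary SHA256withRSA (PKCS#1 v1.5) signature over the original file, and the ECDSA one as SHA256withECDSA.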