0

I recently tried to use the PHP openssl extension with an ECDSA self-signed certificate that I issued using this tutorial: create-a-self-signed-ecc-certificate. I used the function openssl_sign() as described in the PHP manual. I've noticed that every time I refresh the web page, I get a different signature output. Can anyone explain what happens? And is there any way to get the same signature output every time with an ECDSA certificate?

Bool

1 Answer

0

A component of generating an ECDSA signature is generating a random number (k).

Since each call to sign will generate a distinct random number, there's no way to produce a deterministic certificate with ECDSA (aside from doing all of the ECC math yourself, and choosing k; or finding a library somewhere which lets k be specified).

bartonjs
  • Therefore, is OpenSSL unable to produce a signature that can be verified later, since the outputs are different? – Bool Apr 07 '17 at 09:22
  • Verifying the signature is different than creating it. The verification formula can be run on the same (key, data, signature) triplet many times and will always produce the same answer. But if you ask OpenSSL to ECDSA sign the same data with the same key twice it will give two different answers. – bartonjs Apr 07 '17 at 13:08
  • About the library, do you have any idea or suggestion? – Bool Apr 10 '17 at 09:46