You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → wolfSSL → Purpose of wolfSSL_CTX_SetRsaSignCheckCb
Greetings,
just being curious actually. What is the purpose/valid use-case for checking the signature that our own software (or hardware) has generated? It doesn't cause problems, since you can make a callback that always returns success, but I was wondering what was the idea behind this check, it looks pretty unique to wolfSSL.
Thanks!
Hi Oytis,
Thank you for reaching out with your question. As noted in the comment the valid use case for the callback function that can always return success is when you are using a Hardware Security Module to check the signature for you (ATECC508A/608A, ST Safe, etc). There is no need to check the signature twice, that just wastes computation cycles that could be spend on more interesting tasks.
The valid use case for checking the signature that was generated is if you wish to ensure the signature is valid before sending it. Imagine you have a backend system that can crank out thousands of signatures but you're sending those signatures to embedded systems that take on the order of 10's or 100's of seconds to perform a verify operation. You can save some time by checking the signatures are correct on the backend before shipping them to the field devices rather then sending a bad one, having the field device fail, and then sending another. Our library is designed with embedded systems in mind and we provide some unique functionality for those of our users that have requested it.
Please let us know if you have any other questions!
Warm Regards,
KH
wolfSSL - Embedded SSL Library → wolfSSL → Purpose of wolfSSL_CTX_SetRsaSignCheckCb
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.016 seconds (89% PHP - 11% DB) with 12 queries