2025-06-02 11:52 AM
How can it be, that the CMOX library implements `append` functions for hashes (like cmox_hash_append) but the equivalent for verification or signing of ECC algorithms does not exist?
How should we check the signature of a 10 MB update package on a device which just has 512 kB RAM?
We are using EDDSA, which already includes SHA-512 hashing. One workaround would be to sign the hash of the binary file, but that goes against the idea of EDDSA.
2025-06-04 1:09 AM
Hello @TNeub.1 ,
The signature mechanism is always applied to a digest. You never sign directly.
The EDDSA you are using is just combining hash and signature which is not what is provided in the library.
Best regards
Jocelyn