2025-06-02 11:52 AM
How can it be, that the CMOX library implements `append` functions for hashes (like cmox_hash_append) but the equivalent for verification or signing of ECC algorithms does not exist?
How should we check the signature of a 10 MB update package on a device which just has 512 kB RAM?
We are using EDDSA, which already includes SHA-512 hashing. One workaround would be to sign the hash of the binary file, but that goes against the idea of EDDSA.
Solved! Go to Solution.
2025-06-05 11:11 AM
Hello @TNeub.1 ,
OK my bad, I mixed with ECDSA.
The EDDSA provided in the crypto library cannot handle such use case. If you cannot change this signature mechanism, you will need to use another cryptolib.
Best regards
Jocelyn
2025-06-04 1:09 AM
Hello @TNeub.1 ,
The signature mechanism is always applied to a digest. You never sign directly.
The EDDSA you are using is just combining hash and signature which is not what is provided in the library.
Best regards
Jocelyn
2025-06-05 2:14 AM
Thank you for your reply.
What you mean by:
> The EDDSA you are using is just combining hash and signature which is not what is provided in the library.
What is not provided since the general functions for EDDSA exist?
2025-06-05 11:11 AM
Hello @TNeub.1 ,
OK my bad, I mixed with ECDSA.
The EDDSA provided in the crypto library cannot handle such use case. If you cannot change this signature mechanism, you will need to use another cryptolib.
Best regards
Jocelyn