diff options
| -rw-r--r-- | apps/dgst.c | 11 | ||||
| -rw-r--r-- | doc/man1/dgst.pod | 4 |
2 files changed, 14 insertions, 1 deletions
diff --git a/apps/dgst.c b/apps/dgst.c index 4bf20f3..d158a0c 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -235,6 +235,8 @@ int dgst_main(int argc, char **argv) } if (keyfile != NULL) { + int type; + if (want_pub) sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file"); else @@ -245,6 +247,15 @@ int dgst_main(int argc, char **argv) */ goto end; } + type = EVP_PKEY_id(sigkey); + if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) { + /* + * We implement PureEdDSA for these which doesn't have a separate + * digest, and only supports one shot. + */ + BIO_printf(bio_err, "Key type not supported for this operation\n"); + goto end; + } } if (mac_name != NULL) { diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod index 5cad243..3d546f0 100644 --- a/doc/man1/dgst.pod +++ b/doc/man1/dgst.pod @@ -86,7 +86,9 @@ Filename to output to, or standard output by default. =item B<-sign filename> -Digitally sign the digest using the private key in "filename". +Digitally sign the digest using the private key in "filename". Note this option +does not support Ed25519 or Ed448 private keys. Use the B<pkeyutl> command +instead for this. =item B<-keyform arg> |