CMOX - ECC - EDDSA no append/update function

Forum|Forum|11 months ago
June 2, 2025
2 replies
389 views

How can it be, that the CMOX library implements `append` functions for hashes (like cmox_hash_append) but the equivalent for verification or signing of ECC algorithms does not exist?

How should we check the signature of a 10 MB update package on a device which just has 512 kB RAM?

We are using EDDSA, which already includes SHA-512 hashing. One workaround would be to sign the hash of the binary file, but that goes against the idea of EDDSA.

Best answer by Jocelyn RICARD

Hello @TNeub.1 ,

OK my bad, I mixed with ECDSA.

The EDDSA provided in the crypto library cannot handle such use case. If you cannot change this signature mechanism, you will need to use another cryptolib.

Best regards

Jocelyn

Jocelyn RICARD

ST Employee

Hello @TNeub.1 ,

The signature mechanism is always applied to a digest. You never sign directly.

The EDDSA you are using is just combining hash and signature which is not what is provided in the library.

Best regards

Jocelyn

TNeub.1Author

Associate III

Thank you for your reply.

What you mean by:

> The EDDSA you are using is just combining hash and signature which is not what is provided in the library.

What is not provided since the general functions for EDDSA exist?

Jocelyn RICARDBest answer

ST Employee

Hello @TNeub.1 ,

OK my bad, I mixed with ECDSA.

The EDDSA provided in the crypto library cannot handle such use case. If you cannot change this signature mechanism, you will need to use another cryptolib.

Best regards

Jocelyn

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded