Arm Mbed and Pelion Device Management support forum

How to use "mbedtls_ecdsa_sign_det()"?

Hi, I’m implementing ecdsa verification with getting R,S rather than ASN.1
In order to do that, my understanding is to use “mbedtls_ecdsa_sign_det()”.
Do i have to only call this function? is this enough?
What is the verification function for this?
Is there any good example?

Thank you so much.

Hi @matthewc

mbedtls_ecdsa_sign_det() is used for deterministic ecdsa.
If you want the “regular” ecdsa, you should call mbedtls_ecdsa_sign().

As you can see in the code, the function mbedtls_ecdsa_write_signature() calls mbedtls_ecdsa_sign() to sign the hash, and then encodes the signature to asn.1 via ecdsa_signature_to_asn1().

The opposite function, mbedtls_ecdsa_read_signature() gets the data from the asn.1 encoding, and then calls mbedtls_ecdsa_verify().
So, if you don’t use the asn.a encoding, you should call mbedtls_ecdsa_verify to verify the signature.
Although our sample applications use the asn.1 encoded signature, our test suites also test the signature without asn.1 encoding.
Regards,
Mbed TLS Support
Ron