Format of sig in EVP_SignFinal for DSA keys

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Format of sig in EVP_SignFinal for DSA keys

Grahame Grieve
I can't find any documentation as the exact format of sig produced by
EVP_SignFinal when using a DSA key. It's 71 bytes, but 71 bytes of
what?

thanks
Grahame


--
-----
http://www.healthintersections.com.au /
[hidden email] / +61 411 867 065
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Format of sig in EVP_SignFinal for DSA keys

Wim Lewis-3

On 6 Oct 2014, at 2:11 PM, Grahame Grieve wrote:
> I can't find any documentation as the exact format of sig produced by
> EVP_SignFinal when using a DSA key. It's 71 bytes, but 71 bytes of
> what?

Just guessing here, but there are two formats I've seen for (EC)DSA signatures. One of them is an ASN1 DER-encoded SEQUENCE of two INTEGERs, 'r' and 's' --- the X.509 Dss-Sig-Value structure. The other format is just to pad r and s to constant widths and concatenate them without any further headers.

The first format is more common in my experience, and 71 bytes is a reasonable length (32 or 33 bytes for each integer's digits including sign bit, 2 bytes for the DER header on each, and 2 more bytes for the SEQUENCE = 71 bytes). Signatures in the second format will always have an even length; signatures in the first format will vary by a few bytes depending on the values of r and s.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]