Petar Popara wrote:
I've noticed that some crypto libs produce DSA signatures a few bytes larger than 40 bytes. Seems they encode it in ASN.1 after signing. Is this common and noted in any standard? Can NSS lib verify it?

The DSS (the standard for DSA) says that the DSA signature is exactly
40 bytes long, and is made up of two parts, each 20 bytes long.

There are some protocols that use DSA that require DSA signatures
be encoded as an ASN.1 DER-encoded "sequence" (that is, structure)
that contains two DER-encoded integers, corresponding to the two parts
of a DSA signature.  Because DER integers remove leading zero bytes,
the length of the DER-encoded form is variable.

But not all protocols require or desire DSA signatures to be DER-encoded.
SSL 3.0 does not require DER encoding of DSA signatures, but TLS (SSL 3.1)
does.

Therefore, I would expect a low level crypto function library, that
provides access to the "raw" crypto algorithms to follow the DSS to
the letter, and I would expect libraries that implement protocols
that want it DER encoded to do that DER encoding and decoding.

NSS, which supports both SSL3 and TLS, supports both forms and has functions
to convert from one to the other.

http://lxr.mozilla.org/security/source/security/nss/lib/cryptohi/dsautil.c
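The conversion the reply describes, as an added example (Python written for this page, not NSS's dsautil.c): it maps the fixed 40-byte DSS form (r || s, 20 bytes each) to the DER SEQUENCE of two INTEGERs that TLS expects and back, keeping the 0x00 pad byte DER needs when the high bit is set, and rejecting non-minimal, negative or oversized components when decoding.

```python
# Added example, not NSS code. DSS raw signature: r || s, two 20-byte big-endian values.
# DER form: SEQUENCE { INTEGER r, INTEGER s }, where each INTEGER is minimal (no redundant
# leading zero bytes) but keeps one 0x00 if the top bit is set, so its length varies.

def _der_int(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # would otherwise be read as a negative two's-complement value
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body

def raw_to_der(sig: bytes) -> bytes:
    """40-byte DSS signature -> DER SEQUENCE of two INTEGERs (8..48 bytes)."""
    if len(sig) != 40:
        raise ValueError("DSS raw signature must be exactly 40 bytes")
    r = int.from_bytes(sig[:20], "big")
    s = int.from_bytes(sig[20:], "big")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body   # body < 128 bytes, so one length byte suffices

def _read_der_int(buf: bytes, pos: int) -> tuple:
    """Parse one DER INTEGER at buf[pos]; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, start = buf[pos + 1], pos + 2
    body = buf[start:start + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated INTEGER")
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding is not DER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid signature component")
    return int.from_bytes(body, "big"), start + length

def der_to_raw(der: bytes) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s } -> 40-byte DSS signature."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a single DER SEQUENCE with a one-byte length")
    r, pos = _read_der_int(der, 2)
    s, pos = _read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after second INTEGER")
    if r.bit_length() > 160 or s.bit_length() > 160:
        raise ValueError("component does not fit in 20 bytes")
    return r.to_bytes(20, "big") + s.to_bytes(20, "big")

if __name__ == "__main__":
    # Constructed sample: r = 1 (19 leading zero bytes), s has its top bit set.
    sample = bytes(19) + b"\x01" + b"\x80" + bytes(19)
    encoded = raw_to_der(sample)
    print(len(encoded), encoded.hex(), der_to_raw(encoded) == sample)
```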


mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto