Bodo Moeller wrote:
>
> Dr Stephen Henson <[EMAIL PROTECTED]>:
>
> [...]
> > The SSL spec isn't clear on the format of the DSS signature.
>
> I hadn't noticed that problem -- the TLS RFC does have an explicit
> definition ("hashing [...] produces two values, r and s. The DSS
> signature is an opaque vector [...] the contents of which are the DER
> encoding of [...]").

Unfortunately the SSL spec isn't so clear. The three formats in use are:

1. OpenSSL/SSLeay: DSS-sig structure with outer length parameter.
2. Sun HotJava: DSS-sig but without length parameter.
3. Netscape: 40 byte raw encoding of r and s with length parameter.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
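The three encodings listed in the message above can be told apart mechanically. The following is an added example, not part of the original post and not OpenSSL code: a strict classifier for an already-isolated signature field. It assumes the "length parameter" is a 2-byte big-endian prefix and 160-bit r and s; all function names and the sample bytes are constructed for illustration.

```python
# ASSUMPTION: the "length parameter" is a 2-byte big-endian prefix and the
# signature field has already been cut out of the handshake message.
def read_tlv(buf, tag):
    """Return (content, rest) for a short-form DER TLV, or None."""
    if len(buf) < 2 or buf[0] != tag or buf[1] >= 0x80 or len(buf) < 2 + buf[1]:
        return None
    return buf[2:2 + buf[1]], buf[2 + buf[1]:]

def parse_dss_sig(der):
    """Strictly parse SEQUENCE { INTEGER r, INTEGER s }; return (r, s) or None."""
    seq = read_tlv(der, 0x30)
    if seq is None or seq[1]:            # wrong tag, truncated, or trailing bytes
        return None
    body, out = seq[0], []
    for _ in range(2):
        tlv = read_tlv(body, 0x02)
        if tlv is None:
            return None
        val, body = tlv
        padded = len(val) > 1 and val[0] == 0 and not val[1] & 0x80
        if not val or val[0] & 0x80 or padded:   # empty, negative, non-minimal
            return None
        out.append(int.from_bytes(val, "big"))
    return None if body else tuple(out)

def classify(field):
    """Map a signature field to one of the three formats in the list above."""
    sig = parse_dss_sig(field)
    if sig:
        return "der-no-length", sig               # format 2
    if len(field) < 2 or int.from_bytes(field[:2], "big") != len(field) - 2:
        return "unknown", None
    inner = field[2:]
    sig = parse_dss_sig(inner)
    if sig:  # a 40-byte body that is also valid DER could be format 1 or 3
        return ("ambiguous", None) if len(inner) == 40 else ("length+der", sig)
    if len(inner) == 40:
        raw = int.from_bytes(inner[:20], "big"), int.from_bytes(inner[20:], "big")
        return "length+raw40", raw                # format 3
    return "unknown", None

# Constructed sample values (not a real signature).
R_BYTES, S_BYTES = bytes(range(0x81, 0x95)), bytes(range(0x11, 0x25))
DER = b"\x30\x2d\x02\x15\x00" + R_BYTES + b"\x02\x14" + S_BYTES
SAMPLES = [DER, b"\x00\x2f" + DER, b"\x00\x28" + R_BYTES + S_BYTES]
if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s)[0])
```

A verifier that accepts more than one of these encodings should parse strictly as here and reject the "ambiguous" and "unknown" cases rather than guess.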