> From: owner-openssl-us...@openssl.org On Behalf Of shotorddnadd
> Sent: Tuesday, September 17, 2013 09:12

> I am writing a C++ application using Openssl library to sign the outgoing
> messages and verify it on the other end. Everything works perfectly but
> still there is a strange point which I would like to discuss it and your
> help would be really appreciated in that case.
> I noticed that using private keys with the same length (256) still the
> ECDSA signature size is different sometimes. For example once it is 70
> Bytes and next time is 72 Bytes using another key but with the same size.
> As far as I know the ECDSA_sig structure uses some sorta padding for the
> ASN.1 encoding purposes but I am not sure if it leads to different
> signature sizes or I have to investigate my code for a problem (Which I
> don't believe that is the case since the sign/verification process of my
> application has been tested successfully.)
> 
ECDSA signatures consist of two integers that are practically random over 
the curve order, which usually is very slightly less than the nominal size 
(for your case 2^256). (And DSA similarly over the subgroup order.)

These integers are indeed encoded in ASN.1, and integers in ASN.1 are 
always two's-complement -- even when as here they cannot be negative.
That means for example a 32bit number in the range 0x00000000 to 
0x7fffffff will take 4 value octets but 0x80000000 to 0xffffffff will 
take 5.
Since the numbers in your signatures are almost evenly divided you will 
get 1 "extra" octet about 50% of the time and 2 about 25%.
In rarer cases, 1 or possibly more octets *less* are needed.

bbrumley's answer is true but his example values happen to be 
in the "low half" not needing extra bytes (or fewer bytes).

chuong.khuc's answer is wrong. He may be thinking of RSA, where 
the signature is one integer, and depending on how it is represented 
(sometimes, not always, as an ASN.1 integer) it may be padded or not.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
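
Added example, not part of the original message and not OpenSSL code: a dependency-free C sketch of the DER encoding described in the reply, showing how the leading octet of r and s changes the total length of a 256-bit ECDSA signature. The function names and the 32-byte sample values are constructed for illustration, and only the short length form (content under 128 octets) is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER INTEGER from an unsigned big-endian value; returns octets written, 0 on error. */
static size_t der_uint(const uint8_t *be, size_t n, uint8_t *out, size_t cap)
{
    while (n > 1 && be[0] == 0x00) { be++; n--; }      /* minimal form: drop leading zeros */
    size_t pad = (n > 0 && (be[0] & 0x80)) ? 1 : 0;   /* top bit set: prepend 0x00 sign octet */
    size_t len = n + pad;
    if (n == 0 || len > 127 || cap < 2 + len) return 0;
    out[0] = 0x02;                                     /* INTEGER tag */
    out[1] = (uint8_t)len;                             /* short-form length */
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, be, n);
    return 2 + len;
}

/* SEQUENCE { INTEGER r, INTEGER s }, the Ecdsa-Sig-Value layout. */
size_t ecdsa_sig_der(const uint8_t *r, const uint8_t *s, size_t n, uint8_t *out, size_t cap)
{
    uint8_t body[2 * 129];
    size_t rl = der_uint(r, n, body, sizeof body);
    size_t sl = rl ? der_uint(s, n, body + rl, sizeof body - rl) : 0;
    if (rl == 0 || sl == 0 || rl + sl > 127 || cap < 2 + rl + sl) return 0;
    out[0] = 0x30;                                     /* SEQUENCE tag */
    out[1] = (uint8_t)(rl + sl);
    memcpy(out + 2, body, rl + sl);
    return 2 + rl + sl;
}

/* Constructed sample: 32-byte r and s with a chosen first octet, remaining octets 0x11. */
size_t sig_len_for(uint8_t r_top, uint8_t s_top)
{
    uint8_t r[32], s[32], out[80];
    memset(r, 0x11, sizeof r); r[0] = r_top;
    memset(s, 0x11, sizeof s); s[0] = s_top;
    return ecdsa_sig_der(r, s, sizeof r, out, sizeof out);
}

int main(void)
{
    printf("r<0x80.., s<0x80..   : %zu\n", sig_len_for(0x7f, 0x7f));
    printf("r>=0x80.., s<0x80..  : %zu\n", sig_len_for(0x80, 0x7f));
    printf("r>=0x80.., s>=0x80.. : %zu\n", sig_len_for(0x80, 0x80));
    printf("r with leading 0x00  : %zu\n", sig_len_for(0x00, 0x7f));
    return 0;
}
```

A receiver should therefore size its buffer for the maximum (72 octets for a 256-bit curve) and treat the actual length as variable rather than as a sign of a bug.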