
Error in encoding of DSA signature in RFC 2459?



The DSA signature is defined in RFC 2459 as

           Dss-Sig-Value  ::=  SEQUENCE  {
                   r       INTEGER,
                   s       INTEGER  }

where r and s are positive integers (according to the mathematics).
The signature in the first example (D.1) is encoded like this:

0650 03 2f         47: . BIT STRING  (0 unused bits)
                     : 30 2c 02 14 a0 66 c1 76 33 99 13 51 8d 93 64 2f
                     : ca 13 73 de 79 1a 7d 33 02 14 5d 90 f6 ce 92 4a
                     : bf 29 11 24 80 28 a6 5a 8e 73 b6 76 02 68

Integers are encoded in DER in two's complement, which means a
positive value with the MSB on should be encoded with a leading 0
octet, and so the signature should look like this:

                     : 30 2d 02 15 00 a0 66 c1 76 33 99 13 51 8d 93 64 2f
                     : ca 13 73 de 79 1a 7d 33 02 14 5d 90 f6 ce 92 4a
                     : bf 29 11 24 80 28 a6 5a 8e 73 b6 76 02 68

This is repeated in the next examples too.
Am I missing anything here?

Ilan

------------------------------------------------------------------------
Ilan Shacham				mailto:ilans@arx.com
Algorithmic Research Ltd.		http://www.arx.com
10 Nevatim St.,			phone:	972 - 3 - 9279540
Petach-Tikva, Israel			Fax:	972 - 3 - 9230864
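
The following is an added example, not part of the original message or of RFC 2459: a strict DER reader for Dss-Sig-Value, run over the two byte strings quoted in the post, showing how a two's-complement decoder interprets r with and without the leading 00 octet. The function names are hypothetical, and only short-form lengths are handled, which is enough for these signatures.

```python
# Added example: strict DER check of the Dss-Sig-Value bytes quoted in the post.

def read_tlv(buf, pos, expected_tag):
    """Read one DER TLV with a short-form length (< 128 bytes)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag {expected_tag:#04x} at offset {pos}")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end

def der_integer(content):
    """Decode INTEGER content octets as two's complement, enforcing minimal form."""
    if not content:
        raise ValueError("empty INTEGER")
    if len(content) > 1:
        if content[0] == 0x00 and not content[1] & 0x80:
            raise ValueError("non-minimal INTEGER (redundant 0x00)")
        if content[0] == 0xFF and content[1] & 0x80:
            raise ValueError("non-minimal INTEGER (redundant 0xff)")
    return int.from_bytes(content, "big", signed=True)

def parse_dss_sig_value(der):
    """Return (r, s) from SEQUENCE { r INTEGER, s INTEGER }."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r_octets, pos = read_tlv(body, 0, 0x02)
    s_octets, pos = read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("trailing bytes inside SEQUENCE")
    return der_integer(r_octets), der_integer(s_octets)

def check_signature_encoding(der):
    """Accept only signatures whose r and s decode as positive integers."""
    r, s = parse_dss_sig_value(der)
    return r > 0 and s > 0

R = "a066c176339913518d93642fca1373de791a7d33"   # r octets from the D.1 dump
S = "5d90f6ce924abf2911248028a65a8e73b6760268"   # s octets from the D.1 dump
AS_PRINTED = bytes.fromhex("302c0214" + R + "0214" + S)  # encoding as printed
WITH_PAD = bytes.fromhex("302d021500" + R + "0214" + S)  # with leading 00 octet

if __name__ == "__main__":
    for name, sig in (("as printed", AS_PRINTED), ("with 00 pad", WITH_PAD)):
        print(name, "-> r and s positive:", check_signature_encoding(sig))
```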