[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Error in encoding of DSA signature in RFC 2459?

To: "'Ilan Shacham'" <ilans@xxxxxxx>, "Ietf-Pkix (E-mail)" <ietf-pkix@xxxxxxx>
Subject: RE: Error in encoding of DSA signature in RFC 2459?
From: Darren Harter <darren.harter@xxxxxxxxxxxxx>
Date: Tue, 1 Jun 1999 08:47:49 +0100
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Ilan,

You are correct.  The examples in RFC 2459 are incorrect in a number of places with respect to integer encodings - always with the leading 00 octet missing.  Several postings have been made to the working group about this, but as far as I am aware the authors have not yet acknowledged the error.

They do get it right in D.3 though where the public key starts as follows:

0319 03 6b        107: . . . BIT STRING
                     : 00   (0 unused bits)
                     : 30 68 02 61 00 be aa 8b 77 54 a3 af ca 77 9f 2f
                     : b0 cf 43 88 ff a6 6d 79 55 5b 61 8c 68 ec 48 1e

Regards,

Darren

------------------------------------------------------------------------
Darren Harter BSc (Hons) CEng MBCS
Entegrity Solutions Corp
http://www.entegrity.co.uk
http://www.entegrity.com
Tel:  +44 (0) 1452 371383
Fax: +44 (0) 1452 371384
Cell: +44 (0) 7801 812850
Email: mailto:darren.harter@entegrity.com


-----Original Message-----
From:	Ilan Shacham [SMTP:ilans@arx.com]
Sent:	Sunday, May 30, 1999 3:58 PM
To:	Ietf-Pkix (E-mail)
Subject:	Error in encoding of DSA signature in RFC 2459?

The DSA signature is defined in rfc 2459 as

           Dss-Sig-Value  ::=  SEQUENCE  {
                   r       INTEGER,
                   s       INTEGER  }

where r and s are positive integers (according to the mathematics).
The signature in the first example (D.1) is encoded like this:

0650 03 2f         47: . BIT STRING  (0 unused bits)
                     : 30 2c 02 14 a0 66 c1 76 33 99 13 51 8d 93 64 2f
                     : ca 13 73 de 79 1a 7d 33 02 14 5d 90 f6 ce 92 4a
                     : bf 29 11 24 80 28 a6 5a 8e 73 b6 76 02 68

integers are encoded in DER in two's compliment, which means a 
positive value with the MSB on, should be encoded with a leading 0
octet, and so the signature sould look like this:

                    : 30 2d 02 15 00 a0 66 c1 76 33 99 13 51 8d 93 64 2f
                     : ca 13 73 de 79 1a 7d 33 02 14 5d 90 f6 ce 92 4a
                     : bf 29 11 24 80 28 a6 5a 8e 73 b6 76 02 68

This is repeated in the next examples too.
Am I missing anything here?

Ilan

------------------------------------------------------------------------
Ilan Shacham				mailto:ilans@arx.com
Algorithmic Research Ltd.		http://www.arx.com
10 Nevatim St.,			phone:	972 - 3 - 9279540
Petach-Tikva, Israel			Fax:	972 - 3 - 9230864

Prev by Date: Re: attribute encryption (was: Re: X.509 ACs vs. SPKI?)
Next by Date: RE: X.509 ACs vs. SPKI?
Previous by thread: Error in encoding of DSA signature in RFC 2459?
Next by thread: CA Liabilty - How does it REALLY work?
Index(es):
- Date
- Thread