Signature value for EC signatures is not DER encoded #15

Open
JanSlabon opened this issue Jul 10, 2020 · 2 comments

@JanSlabon

While it is possible to use an RSA signature directly as a signature value in a CMS SignedData structure, the value of an EC signature is a raw 64-byte string which needs to be processed and embedded into a valid structure.

From RFC5753, item 2.1.1:

  • signature MUST contain the DER encoding (as an octet string) of a
    value of the ASN.1 type ECDSA-Sig-Value (see Section 7.2).
  ECDSA-Sig-Value ::= SEQUENCE {
    r INTEGER,
    s INTEGER }

This should be documented or fixed. It is also required to rebuild such a structure to be able to validate this kind of signature with common tools.

@aasaru
Contributor

aasaru commented Aug 5, 2020

Internal issue id: DDS-2851

@ykshatroff

The EC signature format used here is called X.962 or CVC, but I totally agree that since most libraries do not contain code to convert X.962 to DER, one has to reimplement it, and as it is not explicitly documented, this is a problem.
