Sahana Prasad
2018-07-25 09:14:59 UTC
Hello,
We were testing ECDSA with SHA-384 using digital signature authentication
with strongSwan.
We received 104 bytes (sometimes 102 bytes) of signature value (we were
expecting 97 bytes, equal to the size of the public key in the ECDSA
certificate).
On discussing this on IRC, I was told that this overhead is due to DER
encoding.
Tried to look for an RFC that mentions this. Could not find it in RFC 7427
or section 2.15 of RFC 7296.
https://tools.ietf.org/html/rfc5280#section-4.1.1.2 talks about it, but it
is for certificates.
Can you help me by pointing me to the reference RFC that mentions how the
signature should be encoded, and how it is implemented?
Is the DER encoding scheme also employed for RSA?
Thank you for your help in advance,
Regards,
Sahana Prasad
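
The DER overhead mentioned in the message, as an added example that is not part of the original post: it encodes an ECDSA signature as the ASN.1 structure SEQUENCE { INTEGER r, INTEGER s } (Ecdsa-Sig-Value in RFC 3279) and converts it back to the raw 96-byte r || s form for a 384-bit curve. The r and s values are constructed and the function names are hypothetical; the decoder is a minimal reader, not a strict DER validator.

```python
# Added example: DER form of an ECDSA signature, SEQUENCE { INTEGER r, INTEGER s }.
# Values below are constructed; function names are hypothetical.
P384_LEN = 48  # byte length of r and s on a 384-bit curve

def der_len(n):
    """DER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    """Minimal INTEGER; a 0x00 byte is prepended when the top bit is set."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_sig(r, s):
    body = der_int(r) + der_int(s)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the element with this tag at pos."""
    if len(buf) < pos + 2 or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the count of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def decode_sig(der, size=P384_LEN):
    """DER signature -> fixed-width raw r || s (2 * size bytes)."""
    seq, end = read_tlv(der, 0, 0x30)
    r_raw, pos = read_tlv(seq, 0, 0x02)
    s_raw, pos = read_tlv(seq, pos, 0x02)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes")
    if not r_raw or not s_raw or (r_raw[0] | s_raw[0]) & 0x80:
        raise ValueError("empty or negative INTEGER")
    r, s = int.from_bytes(r_raw, "big"), int.from_bytes(s_raw, "big")
    return r.to_bytes(size, "big") + s.to_bytes(size, "big")

HIGH = (1 << 383) | 5   # top bit set: needs the 0x00 pad (49 bytes)
LOW = (1 << 382) | 5    # top bit clear: 48 bytes

if __name__ == "__main__":
    for r, s in [(LOW, LOW), (HIGH, LOW), (HIGH, HIGH)]:
        der = encode_sig(r, s)
        print(len(der), "DER bytes ->", len(decode_sig(der)), "raw bytes")
```

An r or s with leading zero bytes encodes shorter still, so the DER length is not fixed and a receiver has to parse the structure rather than assume a size.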