Problem description
I create an ECDSA keypair (secp128r1) in my application with Wei Dai's Crypto++. Signing and verifying works as expected. I do not add the message itself to the signature to minimize the signature length (which is exactly 32 Bytes).
However, when I create the signature with openssl:
$ cat test.txt | openssl dgst -ecdsa-with-SHA1 -sign sample.key -keyform DER > act.bin
OpenSSL obviously puts the message itself to the signature resulting in a larger signature (e.g. 39 Bytes). I can verify the signature with Crypto++ if I set CryptoPP::SignatureVerificationFilter::PUT_MESSAGE.
Can I tell OpenSSL to sign a message with NOT putting the message to the signature such that the resulting signature is 32 Byte exactly?
Recommended answer
CodesInChaos is correct. The extra bytes in the signature are from the ASN.1 encoding, and not the original message being signed. For example, here is a 39 byte signature generated with an ECDSA key with curve secp128r1:
30 25 02 10 4E 32 32 90 CA D9 BD D2 5F 8B BE 3B
F2 BF E9 7F 02 11 00 A7 83 A6 68 AD 74 7E 1A 0E
8F 73 BD DF 7A E8 B5
The 30 indicates that a Sequence follows. The 25 tells you that the Sequence is 0x25 bytes long. The 02 indicates that the first item in the Sequence is an Integer. The 10 tells you that the first Integer is 0x10 bytes long. The following 0x10 (16) bytes are the "r" value of the ECDSA signature. Following the first integer is the byte 02. This tells you that the 2nd Integer of the Sequence is about to begin. 11 tells you that the next 0x11 (17) bytes make up the 2nd Integer, which is the "s" value of the ECDSA signature. It's 11 bytes because the first byte of the Integer is 00. "00" is inserted whenever the first byte of an integer is >= 0x80. This is to avoid the most significant bit being a 1, which would indicate a negative integer.
So after all that, the real signature values are:
r: 4E 32 32 90 CA D9 BD D2 5F 8B BE 3B F2 BF E9 7F
s: A7 83 A6 68 AD 74 7E 1A 0E 8F 73 BD DF 7A E8 B5
The "extra" bytes are for ASN.1 formatting.
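The decoding walked through in the answer, as an added example that is not part of the original post and is not Crypto++ or OpenSSL code: a strict DER parser that turns the OpenSSL-style SEQUENCE { r, s } into the fixed-width 32-byte r || s form the question describes. The names `der_to_raw`, `read_int` and `sample_der` are hypothetical, and only short-form DER lengths (below 0x80) are handled, which is an assumption that holds for a 128-bit curve.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Read one DER INTEGER at pos; append it to out as exactly `width` bytes.
static void read_int(const Bytes& der, size_t& pos, size_t width, Bytes& out) {
    if (pos + 2 > der.size() || der[pos] != 0x02)
        throw std::invalid_argument("expected INTEGER tag 0x02");
    size_t len = der[pos + 1];   // short-form length only (< 0x80)
    pos += 2;
    if (len == 0 || len > 0x7F || pos + len > der.size())
        throw std::invalid_argument("bad INTEGER length");
    if (der[pos] & 0x80)         // high bit set would mean a negative value
        throw std::invalid_argument("negative INTEGER");
    size_t start = pos, end = pos + len;
    if (der[pos] == 0x00 && len > 1) {   // the inserted 00 sign-padding byte
        if (!(der[pos + 1] & 0x80))
            throw std::invalid_argument("non-minimal INTEGER");
        ++start;
    }
    if (end - start > width)
        throw std::invalid_argument("INTEGER wider than curve order");
    out.insert(out.end(), width - (end - start), 0x00);  // left-pad short values
    out.insert(out.end(), der.begin() + start, der.begin() + end);
    pos = end;
}

// Convert DER SEQUENCE { r, s } into fixed-width r || s (2 * width bytes).
Bytes der_to_raw(const Bytes& der, size_t width) {
    if (der.size() < 2 || der[0] != 0x30 || der[1] > 0x7F || der[1] != der.size() - 2)
        throw std::invalid_argument("bad SEQUENCE header");
    size_t pos = 2;
    Bytes raw;
    read_int(der, pos, width, raw);   // r
    read_int(der, pos, width, raw);   // s
    if (pos != der.size())
        throw std::invalid_argument("trailing bytes after s");
    return raw;
}

// The 39-byte signature quoted in the answer above.
Bytes sample_der() {
    return {0x30,0x25,0x02,0x10,0x4E,0x32,0x32,0x90,0xCA,0xD9,0xBD,0xD2,0x5F,0x8B,
            0xBE,0x3B,0xF2,0xBF,0xE9,0x7F,0x02,0x11,0x00,0xA7,0x83,0xA6,0x68,0xAD,
            0x74,0x7E,0x1A,0x0E,0x8F,0x73,0xBD,0xDF,0x7A,0xE8,0xB5};
}
```

Call `der_to_raw(sample_der(), 16)` for secp128r1; rejecting non-minimal or trailing bytes keeps a single signature from having several accepted encodings. Crypto++ also ships `DSAConvertSignatureFormat` in dsa.h for the same conversion.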