[gnutls-help] How to encode/decode ECDSA signatures to raw format

Nicolas Mora nicolas at babelouest.org
Thu May 25 21:01:02 CEST 2017


> Unfortunately there isn't any such function. Since 3.5.x there is an
> exported, but still internal function _gnutls_decode_ber_rs_raw() for
> that. I created an issue to export them for 3.6.0, but until then you
> may want to replicate them to use them.

Thanks for the answer,

There goes another question related to _gnutls_decode_ber_rs_raw(). When 
I use it with a newly created signature, I get 2 output parameters R and 
S. Each of them has a size parameter of 48 or 49, whatever the 
algorithm size used.

If I read RFC 7518 (https://tools.ietf.org/html/rfc7518#section-3.4), 
it says that for an ECDSA P-256 SHA-256 digital signature, R and S must 
be 256-bit unsigned integers. I looked at the content of the values R 
and S set by _gnutls_decode_ber_rs_raw(), it doesn't look like they have 
'0' padding so I assume every bit is relevant. So there must be some 
problems with my usage.

With these 256-bit parameters, I must build two 32-byte-long arrays that 
are the representation of the parameters R and S, then concatenate them 
in a 64-byte sequence to have my signature.

My current usage is the following:
gnutls_privkey_sign_data(privkey, alg, 0, &body_dat, &sig_dat)
_gnutls_decode_ber_rs_raw(&sig_dat, &r, &s)

Is it the right way to use this function or should I use it differently?

If this is the right way, how do I convert my R and S parameters into 
32-byte big-endian arrays?

Thanks in advance
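
Added example (not part of the original message and not GnuTLS code): one way to turn a DER-encoded ECDSA signature into the fixed-width R||S form described in RFC 7518 section 3.4. It goes beyond the question by parsing the DER itself instead of calling _gnutls_decode_ber_rs_raw(); the names u8, int_to_fixed, der_header, ecdsa_der_to_raw and sample_der are assumptions made for this sketch, and width is the curve's coordinate size in bytes (32 for P-256).

```c
#include <stddef.h>
#include <string.h>

typedef unsigned char u8;
/* Constructed sample, not a real signature: r = 00 FF 01 (DER sign byte), s = 7F */
const u8 sample_der[] = { 0x30, 0x08, 0x02, 0x03, 0x00, 0xFF, 0x01, 0x02, 0x01, 0x7F };

/* Copy a big-endian unsigned integer into a zero-padded field of `width` bytes.
 * Leading 0x00 bytes are dropped first. Returns -1 if the value does not fit. */
static int int_to_fixed(const u8 *in, size_t len, u8 *out, size_t width)
{
    while (len > 0 && in[0] == 0x00) { in++; len--; }
    if (len > width) return -1;
    memset(out, 0, width - len);
    memcpy(out + (width - len), in, len);
    return 0;
}

/* Check a DER tag and read its length (short form or 0x81 long form).
 * On success *p points at the content; returns its length, or -1. */
static long der_header(const u8 **p, const u8 *end, u8 tag)
{
    size_t len;
    if (end - *p < 2 || (*p)[0] != tag) return -1;
    len = (*p)[1];
    *p += 2;
    if (len == 0x81) {
        if (end - *p < 1 || **p < 0x80) return -1;   /* truncated or non-minimal */
        len = *(*p)++;
    } else if (len & 0x80) {
        return -1;                                   /* longer forms not supported */
    }
    return (size_t)(end - *p) < len ? -1 : (long)len;
}

/* DER ECDSA-Sig-Value -> raw R||S; `out` must hold 2 * width bytes. */
int ecdsa_der_to_raw(const u8 *der, size_t der_len, u8 *out, size_t width)
{
    const u8 *p = der, *end = der + der_len;
    long n = der_header(&p, end, 0x30);
    if (n < 0 || p + n != end) return -1;
    for (int i = 0; i < 2; i++) {
        n = der_header(&p, end, 0x02);
        if (n <= 0 || (p[0] & 0x80)) return -1;      /* empty or negative INTEGER */
        if (int_to_fixed(p, (size_t)n, out + i * width, width)) return -1;
        p += n;
    }
    return p == end ? 0 : -1;
}
```

The conversion fails instead of truncating when R or S is larger than width, so a 48-byte value is rejected for a 32-byte field.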

