-
Type:
Enhancement
-
Resolution: Duplicate
-
Priority:
P3
-
Affects Version/s: 7
-
Component/s: security-libs
-
None
-
generic
-
generic
This CR proposes a solution to a long-standing XMLDSig issue with the current DSA and ECDSA signature bytes format.
The format of the Signature bytes for these algorithms is an ASN.1 encoded sequence of the integers r and s:
SEQUENCE ::= { r INTEGER, s INTEGER }
Unfortunately, this is not compatible with XMLDSig (and other signature formats/implementations including PKCS#11 and .NET), which doesn't ASN.1 encode them and simply base64 encodes the raw bytes of r and s concatenated (the IEEE P1363 format).
So, our XMLDSig implementation always has to strip off, or decode the ASN.1 stuff after calling Signature.sign() when generating signatures, and ASN.1 encode the signature bytes before calling Signature.verify() when verifying signatures.
The format of the Signature bytes for these algorithms is an ASN.1 encoded sequence of the integers r and s:
SEQUENCE ::= { r INTEGER, s INTEGER }
Unfortunately, this is not compatible with XMLDSig (and other signature formats/implementations including PKCS#11 and .NET), which doesn't ASN.1 encode them and simply base64 encodes the raw bytes of r and s concatenated (the IEEE P1363 format).
So, our XMLDSig implementation always has to strip off, or decode the ASN.1 stuff after calling Signature.sign() when generating signatures, and ASN.1 encode the signature bytes before calling Signature.verify() when verifying signatures.
- duplicates
-
-
- Closed
-