DSA and ECDSA signature format is incompatible with XMLDSig

Sean Mullan sean.mullan at oracle.com
Mon Jul 19 15:35:26 PDT 2010

On 7/19/10 5:32 PM, Maarten Bodewes wrote:
> Darn, that was a bit premature, I don't see how the PKCS#11 provider can
> support this. Currently it only lists the SHA256withECDSA and such.
> This would make it near impossible to directly perform XML signatures
> using a HSM or software PKCS#11 lib.
> I'm not sure what output is generated by PKCS#11 natively, but that does
> not matter as the provider will certainly generate the DER encoded
> structure.
> At a minimum I think that the algorithms should be included in the
> PKCS#11 provider, but it makes the argument for the new string less sound.

Sorry, I'm not fully understanding what the issue is, can you clarify? Here's 
what the PKCS#11 (v 2.20) specification [1] says:

section 12.2.8 DSA with SHA-1

"For the purposes of this mechanism, a DSA signature is a 40-byte string, 
corresponding to the concatenation of the DSA values r and s, each represented 
most-significant byte first."

section 12.3.1 EC Signatures

"For the purposes of these mechanisms, an ECDSA signature is an octet string of 
even length which is at most two times nLen octets, where nLen is the length in 
octets of the base point order n. The signature octets correspond to the 
concatenation of the ECDSA values r and s, both represented as an octet string 
of equal length of at most nLen with the most significant byte first. ..."


[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

More information about the security-dev mailing list