DSA and ECDSA signature format is incompatible with XMLDSig
Sean Mullan
sean.mullan at oracle.com
Mon Jul 19 22:35:26 UTC 2010
On 7/19/10 5:32 PM, Maarten Bodewes wrote:
> Darn, that was a bit premature, I don't see how the PKCS#11 provider can
> support this. Currently it only lists the SHA256withECDSA and such.
>
> This would make it near impossible to directly perform XML signatures
> using a HSM or software PKCS#11 lib.
>
> I'm not sure what output is generated by PKCS#11 natively, but that does
> not matter as the provider will certainly generate the DER encoded
> structure.
>
> At a minimum I think that the algorithms should be included in the
> PKCS#11 provider, but it makes the argument for the new string less sound.
Sorry, I'm not fully understanding what the issue is, can you clarify? Here's
what the PKCS#11 (v 2.20) specification [1] says:
section 12.2.8 DSA with SHA-1
"For the purposes of this mechanism, a DSA signature is a 40-byte string,
corresponding to the concatenation of the DSA values r and s, each represented
most-significant byte first."
section 12.3.1 EC Signatures
"For the purposes of these mechanisms, an ECDSA signature is an octet string of
even length which is at most two times nLen octets, where nLen is the length in
octets of the base point order n. The signature octets correspond to the
concatenation of the ECDSA values r and s, both represented as an octet string
of equal length of at most nLen with the most significant byte first. ..."
--Sean
[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
More information about the security-dev
mailing list