Pete Chown wrote:
>
> Salz, Rich wrote:
>
> > > Pls excuse my silly question. Can anyone kindly tell me that does
> > > signatures have fixed lengths, or not.
> >
> > For RSA sizeof(sig) == sizeof(key)
>
> For DSA, the signature is 320 bits -- two numbers the size of the
> small modulus. For ElGamal the signature is twice the length of the
> (only) modulus.
>
Its a little more complex that that for DSA. The signature is two
integers normally of 160 bits each. However this is usuallly wrapped up
in an ASN1 Dss-Sig-Value structure:
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
At this point the size depends on the actual values of r and s because
the ASN1 INTEGER content octets do not include any leading zeros in r, s
and will include an extra zero if the MSB is 1.
This effectively means that you can determine an upper bound for the
signature length (assume r and s have MSB set) but you only know the
precise length after r and s have been determined. The final length may
be a few bytes smaller than the maximum.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
