Hello,
> When computing DSA signatures, the first eight bytes of the signature 
> appear to follow a rather predictable pattern, which I am concerned about.
> 
> I've tested this to be so using two slightly different input texts:
> 1. "Mary had a little lamb"
> 2. "Mary had a little lama"
> 
> For each of these two texts, I computed 10 signatures (all from the same 
> signing key). The signatures (if expressed in hexadecimal format) all 
> start with an 8 byte sequence that matches the regular expression:
> 
>      302[cde]021[45]
> 
> 
> Because DSA signatures are computed from SHA1 hashes, I also computed 
> these SHA1 hashes for each of the two inputs. I was relieved to see that 
> the hashes were very different.
> 
> Therefore, the observed pattern must come from whatever DSA_sign() does 
> after the hash has been computed.
> 
>        (The test script and its output for one run over
>         the two texts are appended to this message)
> 
> 
> Is the observed pattern normal?
Yes, this is the ASN.1 encoding of the "real" DSA signature (two integers).
You may check this, for example, with:

$ T="302c02144635bdb6c9972659cef2303983bc37d40c0a102802147fb258a72737889b87878e54c2302145a536d4d9"
$ echo -n $T | \
        perl -e '$b = <>; print pack("H*", $b)' | \
        openssl asn1parse -inform DER
 0:d=0  hl=2 l=  44 cons: SEQUENCE
 2:d=1 hl=2 l=20 prim: INTEGER :4635BDB6C9972659CEF2303983BC37D40C0A1028
24:d=1 hl=2 l=20 prim: INTEGER :7FB258A72737889B87878E54C2302145A536D4D9

and these two INTEGERs are the real DSA signature.

Of course, this is only the ASN.1 encoding of two ASN.1 INTEGERs, and
there is no indication that this is a DSA signature.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
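The explanation above can be checked without openssl(1). The following Python is an added example, not code from the mailing-list thread or from OpenSSL: it parses the DER SEQUENCE { INTEGER r, INTEGER s } that DSA_sign() emits, re-encodes it, and shows exactly where the `302[cde]021[45]` prefix comes from. With a 160-bit q (SHA-1 DSA), r and s each encode as 20 bytes, or 21 bytes when the high bit is set and DER requires a 0x00 pad, so the INTEGER lengths are 0x14/0x15 and the SEQUENCE length is 0x2c/0x2d/0x2e. The signature constant is the one from the post; the two synthetic (r, s) pairs in the demo are constructed values, not real signatures, and the helper names are the example's own.

```python
"""Decode and re-encode DER DSA signatures: SEQUENCE { INTEGER r, INTEGER s }.

Added example (not from the original post or OpenSSL). Only short-form DER
lengths (< 128 bytes) are handled, which covers every DSA/ECDSA signature
with q up to ~500 bits.
"""
import re

# The complete 46-byte signature shown in the reply above.
SIG_HEX = ("302c0214" "4635bdb6c9972659cef2303983bc37d40c0a1028"
           "0214" "7fb258a72737889b87878e54c2302145a536d4d9")

# The pattern the original poster observed on 160-bit DSA signatures.
PREFIX_RE = re.compile(r"^302[cde]021[45]")


def _read_tlv(buf: bytes, pos: int, expected_tag: int):
    """Read one DER tag/length/value at buf[pos]; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length: not a short DSA signature")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[start:end], end


def _check_der_uint(v: bytes) -> None:
    """Reject non-minimal or negative INTEGER contents (strict DER)."""
    if not v:
        raise ValueError("empty INTEGER")
    if v[0] & 0x80:
        raise ValueError("negative INTEGER cannot be a signature value")
    if len(v) > 1 and v[0] == 0 and not (v[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")


def decode_dsa_signature(der: bytes):
    """Return (r, s) as Python ints from a DER-encoded DSA signature."""
    body, end = _read_tlv(der, 0, 0x30)          # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r_bytes, pos = _read_tlv(body, 0, 0x02)      # INTEGER r
    s_bytes, pos = _read_tlv(body, pos, 0x02)    # INTEGER s
    if pos != len(body):
        raise ValueError("unexpected content after s")
    _check_der_uint(r_bytes)
    _check_der_uint(s_bytes)
    return int.from_bytes(r_bytes, "big"), int.from_bytes(s_bytes, "big")


def _der_uint(n: int) -> bytes:
    """DER INTEGER for a non-negative int; 0x00 pad keeps the high bit clear."""
    v = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if v[0] & 0x80:
        v = b"\x00" + v
    return bytes([0x02, len(v)]) + v


def encode_dsa_signature(r: int, s: int) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s }, as DSA_sign() produces."""
    body = _der_uint(r) + _der_uint(s)
    if len(body) >= 128:
        raise ValueError("long-form length not supported by this example")
    return bytes([0x30, len(body)]) + body


def prefix_matches(der: bytes) -> bool:
    """True if the hex encoding starts with the pattern from the post."""
    return PREFIX_RE.match(der.hex()) is not None


if __name__ == "__main__":
    sig = bytes.fromhex(SIG_HEX)
    r, s = decode_dsa_signature(sig)
    print(f"r = {r:040x}\ns = {s:040x}")
    print("round-trip ok:", encode_dsa_signature(r, s) == sig)
    # Constructed values (not real signatures): both with the high bit set,
    # so each INTEGER gets a 0x00 pad -> lengths 0x15, SEQUENCE length 0x2e.
    padded = encode_dsa_signature((1 << 159) | 1, (1 << 159) | 1)
    print(padded.hex()[:8], prefix_matches(padded))
    # A tiny s (constructed) breaks the pattern: the regex is a property of
    # 160-bit values, not of DSA itself.
    short = encode_dsa_signature(1 << 159, 1)
    print(short.hex()[:8], prefix_matches(short))
```

The DER checks (`_check_der_uint`, trailing-bytes check) matter in practice: a verifier that accepts non-canonical encodings of the same (r, s) lets an attacker produce several distinct byte strings that all verify, which has caused transaction-malleability problems in systems that use the signature bytes as an identifier.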