Hi Marek, As I mentioned before, I am using the openSSL directory for its support for the ECDSA. Which I need to implement the AACS standard. I am not sure you are familiar with it, but in short the problem I am encountering right now is that in the AACS Std the signatures are represented as 40 bytes number (2 BN of size 20). It has been working good, but I have encountered a case where the ecdsa_do_sign function returns a signature where the r and s (the 2 big numbers) are not of size 20 bytes, which as you can imagine can damage the AACS protocol. I was wondering why this could happen? should not this size be set according to the dgst len size? Is there a way to set this size to 20?
Thanks again for all the help and support Eman On 9/19/07, Marek Marcola <[EMAIL PROTECTED]> wrote: > > Hello, > > As far as I could see the ASN.1 is used basically to calculate the > > size of the signature (at least on the ecdsa side). So if I know > > exactly the size of the signatures then I can only remove the use of > > the ASN.1? > ECDSA functions works in general on BIGNUM's (packed in some structures) > and ECDSA signature is two BIGNUM's (r,s). If you want to transfer > signature to your peer, this numbers are converted to ASN1 SEQUENCE > of two INTEGERs. Your peer must get this SEQUENCE and convert to > BIGNUM (r,s) and next check signature. If can convert this two > BIGNUMs to ASN1 and from ASN1 to BIGNUMs (which is very ease) then > you will do not need OpenSSL ASN1 module. > > Best regards, > -- > Marek Marcola <[EMAIL PROTECTED]> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
