[xmlsec] DSA Signatures

Aleksey Sanin aleksey at aleksey.com
Mon Jan 4 11:09:53 PST 2021

Right, I know remember that I had problems with leading zero's
as well :) Take a look at the code for details:



On 1/4/21 11:06 AM, Timothy Legge wrote:
> Thanks.  I suspect it is related to the possible leading zeros in the
> I2OSP spec that I may be losing when I concatenate r and s but I have
> not tracked it down yet.
> Tim
> On Mon, Jan 4, 2021 at 2:25 PM Aleksey Sanin <aleksey at aleksey.com> wrote:
>> https://www.w3.org/TR/xmldsig-core1/#sec-DSA
>> Aleksey
>> On 1/4/21 9:07 AM, Timothy Legge wrote:
>>> Hi
>>> This is somewhat off topic as it is related to my maintenance of the
>>> Perl XML::Sig module.
>>> DSA signatures are a base64 encoded concatenation of the r and s octet
>>> streams.  I can sign and verify DSA signatures with XML::Sig or xmlsec
>>> but occasionally the DSA signature validation fails (for both XML::Sig
>>> and xmlsec at the same time).
>>> I assume something is getting lost when I concatenate  r and s before
>>> it is base64 encoded.  Any thoughts based on how xmlsec generates the
>>> base64 encoded DSA signature?
>>> regards
>>> Tim
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list