[xmlsec] DSA Signatures

Aleksey Sanin aleksey at aleksey.com
Mon Jan 4 11:09:53 PST 2021


Right, I know remember that I had problems with leading zero's
as well :) Take a look at the code for details:

https://github.com/lsh123/xmlsec/blob/f3a59c721e38a663405093e2bbb30e2bf45853a2/src/openssl/signatures.c#L597



Aleksey

On 1/4/21 11:06 AM, Timothy Legge wrote:
> Thanks.  I suspect it is related to the possible leading zeros in the
> I2OSP spec that I may be losing when I concatenate r and s but I have
> not tracked it down yet.
> 
> Tim
> 
> On Mon, Jan 4, 2021 at 2:25 PM Aleksey Sanin <aleksey at aleksey.com> wrote:
>>
>> https://www.w3.org/TR/xmldsig-core1/#sec-DSA
>>
>> Aleksey
>>
>> On 1/4/21 9:07 AM, Timothy Legge wrote:
>>> Hi
>>>
>>> This is somewhat off topic as it is related to my maintenance of the
>>> Perl XML::Sig module.
>>>
>>> DSA signatures are a base64 encoded concatenation of the r and s octet
>>> streams.  I can sign and verify DSA signatures with XML::Sig or xmlsec
>>> but occasionally the DSA signature validation fails (for both XML::Sig
>>> and xmlsec at the same time).
>>>
>>> I assume something is getting lost when I concatenate  r and s before
>>> it is base64 encoded.  Any thoughts based on how xmlsec generates the
>>> base64 encoded DSA signature?
>>>
>>> regards
>>>
>>> Tim
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>


More information about the xmlsec mailing list