
I am using "secp192k1" curve to generate the key for data signing using ECDSA scheme. Signature is generated using "SHA3-256withECDSA" algorithm provided by BouncyCastle.

Theoretically, the length of the signature should be 192*2/8 = 48 bytes. Instead, this length varies from 54 to 56.

My application demands a signature of fixed length. How can I achieve this?

arvind.mohan
  • Basically dupe http://crypto.stackexchange.com/questions/33095/shouldnt-a-signature-using-ecdsa-be-exactly-96-bytes-not-102-or-103 and the reverse of http://crypto.stackexchange.com/questions/1795/how-can-i-convert-a-der-ecdsa-signature-to-ASN.1 – dave_thompson_085 Mar 24 '17 at 00:35
  • @dave_thompson_085 I'm unable to achieve fixed length of signature in my application, which is not explained anywhere. – arvind.mohan Mar 24 '17 at 09:58

1 Answer


To encode the signature you first have to parse the ASN.1 structure also shown in the linked answers provided by dave_thompson_085. Once you have got two integers in the programming language / runtime of your choice then you need to encode them as two statically sized integer encodings. These integers (usually) need to be big endian / network order, unsigned integers.

To do this you need to implement a function called I2OSP from the RSA specifications. You feed this the two numbers and the key size (the size of the order of the curve) rounded upwards to bytes (that's $192 / 8 = 24$ bytes).

There are two ways to do this:

  • directly implement the mathematical functions and concatenate the resulting bytes or
  • encode the integer back to bytes - most platforms have a function for this - and then adjust the encoding by padding and possibly reversing the encoding

The latter is probably faster as it just requires byte operations. I usually opt for the latter, but I've seen many cryptographers (naively, in my opinion) do the first.

Finally you simply concatenate the numbers and presto - you're done (there is also OS2IP in RSA, in case you need to do the reverse).

Maarten Bodewes
  • Thanks for the answer. What does presto stand for, btw? – arvind.mohan Mar 24 '17 at 19:17
  • It's Italian for in short time, but it's commonly used for almost immediately as far as I know. My parents used it a lot, but as they are not linguists, it may be that they used it incorrectly :) – Maarten Bodewes Mar 24 '17 at 23:19
  • FWIW in the US (at least?) 'presto!' or 'hey presto!' was traditionally and widely used by stage magicians to emphasize the result of a trick. (Back when people actually went somewhere to be entertained instead of vegetating on the couch in front of the 12-foot super-super-high-def TV screen.) https://en.wiktionary.org/wiki/presto – dave_thompson_085 Apr 14 '18 at 04:18
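
The conversion described in the answer above, as an added example that is not part of the original post and not BouncyCastle code: parse the DER SEQUENCE of two INTEGERs, then write r and s with I2OSP at 24 bytes each for a 192-bit curve, and reverse it with OS2IP. It goes slightly beyond the 192-bit case by accepting long-form DER lengths on input; all function names and the sample bytes are constructed for illustration.

```python
def i2osp(x: int, size: int) -> bytes:
    """I2OSP (RFC 8017, 4.1): unsigned big-endian, exactly `size` bytes."""
    if not 0 < x < 256 ** size:          # ECDSA r and s are never 0 or negative
        raise ValueError("integer out of range for field size")
    return x.to_bytes(size, "big")

def read_tlv(buf: bytes, pos: int, tag: int):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                    # long form, needed for larger curves
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def der_to_fixed(der: bytes, size: int) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s } -> r || s, each `size` bytes."""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after signature")
    r_raw, pos = read_tlv(seq, 0, 0x02)
    s_raw, pos = read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("extra elements in SEQUENCE")
    # DER INTEGERs are signed; a leading 0x00 appears when the top bit is set.
    r = int.from_bytes(r_raw, "big", signed=True)
    s = int.from_bytes(s_raw, "big", signed=True)
    return i2osp(r, size) + i2osp(s, size)

def der_int(x: int) -> bytes:
    body = x.to_bytes(x.bit_length() // 8 + 1, "big")  # minimal, sign-safe
    return bytes([0x02, len(body)]) + body

def fixed_to_der(sig: bytes) -> bytes:
    """Reverse direction (OS2IP on each half); short-form lengths only."""
    half = len(sig) // 2
    body = der_int(int.from_bytes(sig[:half], "big")) + \
           der_int(int.from_bytes(sig[half:], "big"))
    if len(sig) % 2 or len(body) > 127:
        raise ValueError("unsupported signature size")
    return bytes([0x30, len(body)]) + body

# Constructed sample (not a real signature): r has its top bit set, s is 23 bytes.
SAMPLE_DER = bytes.fromhex("3034021900" + "f1" * 24 + "0217" + "05" * 23)
```

The 54-byte sample becomes 48 bytes with `der_to_fixed(SAMPLE_DER, 24)`; the DER length varies because each INTEGER drops leading zero bytes and gains one when its top bit is set.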