SHA256withECDSA签名算法的输出格式是什么？ [英] What is the output format of the SHA256withECDSA signature algorithm?

问题描述

我正在使用secp256k1曲线生成密钥对。然后，我使用私钥对随机字符串进行签名：

  byte [] content = random string .getBytes（ ）; 
 Signature dsa = Signature.getInstance（ SHA256withECDSA）; 
 dsa.initSign（privateKey）; 
 dsa.update（content）; 
 byte [] signature = dsa.sign（）; 
  

签名字节数组具有以下内容：

  [48，68，2，32，11，25，119，-64，-107，53，-84，65，-18，-81，-56，34 ，
 11，29，120，38，-102，105，-89，-9，-46，-28，91，59，-74，-103，-53，
 117，81 ，-37，85，27，2，32，55，97，-11，-85，110，-106，81，-94，7，
 112，125，-29，-16，-8 ，121、123、14，-17，-7，-10、1，-80，-117、86，
 98，-13，-47，-51、58，-15，-48、10 ] 
  

我想了解签名数组的内容是什么。根据ECDSA维基百科的页面，签名是计算出的值（ r ， s ），但在我看来，该数组中还有更多。签名始终以字节开头

  48，68，2，32 
  

这似乎是某种标题。是否有说明该数组格式的规范？具体来说，我想获取 r 和 s 值。

谢谢。

解决方案

我很确定这是一个骗子，但我现在没有时间看。

ECDSA（或DSA）签名有一些标准表示/编码。 Java JCE使用的一种是 ASN.1 DER 编码-有关基础知识，请参见维基百科。 和详细信息。
具体来说，ECDSA或DSA签名是两个INTEGER字段的ASN.1 SEQUENCE。请参阅 rfc3279第2.2.3节中的 ECDSA-Sig-Value 或 SEC1附录C.5（在第114页上）或X9.62的一部分，但要花钱。 / p>

字节48（0x30）是SEQUENCE的标签（实际上SEQUENCE为0x10加上'constructed'为0x20），然后是一个或多个字节，其长度为序列的主体；对于EC，主体几乎总是足够短，可以使用简单的一字节长度。 2是INTEGER的标记，后跟一个字节，其长度为第一个整数。在该整数的值（也称为内容）结束之后，将还有另一个2，它是第二个整数的标记，后跟一个字节，该字节是第二个整数的长度。 secp256k1的整数通常长度为32或33个八位位组，具体取决于它们是否需要填充以确保符号为正，这是因为ASN.1整数是带符号的，而在DER中，它们是二进制补码，但在极少数情况下会更少。 p>

I'm generating a key pair using the secp256k1 curve. Then I'm using the private key to sign a random String:

byte[] content = "random string".getBytes();
Signature dsa = Signature.getInstance("SHA256withECDSA");
dsa.initSign(privateKey);
dsa.update(content);
byte[] signature = dsa.sign();

The signature byte array has the following content:

[48, 68, 2, 32, 11, 25, 119, -64, -107, 53, -84, 65, -18, -81, -56, 34,
11, 29, 120, 38, -102, 105, -89, -9, -46, -28, 91, 59, -74, -103, -53,
117, 81, -37, 85, 27, 2, 32, 55, 97, -11, -85, 110, -106, 81, -94, 7,
112, 125, -29, -16, -8, 121, 123, 14, -17, -7, -10, 1, -80, -117, 86,
98, -13, -47, -51, 58, -15, -48, 10]

I want to understand what is the content of the signature array. According to the ECDSA Wikipedia page the signature is the values (r, s) that were calculated, but it seems to me there's more in that array. The signature always start with the bytes

48, 68, 2, 32

Which seem to be some kind of header. Is there a specification that explains the format of that array? Specifically, I want to obtain the r and s values.

Thanks.

解决方案

I'm pretty sure this is a dupe but I don't have time to look right now.

There are a few standard representations/encodings of an ECDSA (or DSA) signature. The one Java JCE uses is an ASN.1 DER encoding -- see wikipedia for basics and details. Specifically the ECDSA or DSA signature is an ASN.1 SEQUENCE of two INTEGER fields; see ECDSA-Sig-Value in rfc3279 section 2.2.3 or part of SEC1 appendix C.5 on page 114 or X9.62 but that costs money.

The byte 48 (0x30) is the tag for SEQUENCE (actually 0x10 for SEQUENCE plus 0x20 for 'constructed') and it is followed by one or more bytes giving the length of the body of the sequence; for EC the body is almost always short enough to use a simple one-byte length. The 2 is the tag for INTEGER and it is followed by a byte giving the length fo the first integer. After the end of the value (aka contents) of that integer there will be another 2 which is the tag for the second integer followed by a byte which is the length of the second integer. The integers for secp256k1 will usually have length of 32 or 33 octets depending on whether they need padding to ensure the sign is positive, because ASN.1 integers are signed and in DER they are two's-complement, but in rare cases less.

这篇关于SHA256withECDSA签名算法的输出格式是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！