[openssl-users] Certificate verification fails with latest commits (ECDSA)
jan.weil at ptb.de
jan.weil at ptb.de
Tue Feb 3 14:19:50 UTC 2015
Hi Steve,
thanks a lot for your quick response and for the clarification.
> Von: "Dr. Stephen Henson" <steve at openssl.org>
> The MSB is effectively a sign bit but the explanation in the standard
isn't
> very clear. If you take your example of GTS001.pem and do:
>
> openssl asn1parse -in GTS001.pem -strparse 367 -out sig.der
>
> It will parse out the Ecdsa-Sig-Value field and you get:
>
> 0:d=0 hl=2 l= 52 cons: SEQUENCE
> 2:d=1 hl=2 l= 24 prim: INTEGER
> :-0739E1C1762E2E3E1D4480425633EA0BB669CE784DC3ACCB
> 28:d=1 hl=2 l= 24 prim: INTEGER
> :-332658917A3B05831D91176C0512CF91C617819E1A7CF14B
>
> Note the two - signs.
> [...]
> What this is saying is that if the MSB is one you subtract that value
from
> the result.
>
> For example 0x80 without the MSB represents '0' the MSB represents 0x80
and
> you subtract that resulting in -0x80.
Well, yes, that's how two's complement works.
> That's why you need the 0 padding byte prepended if the MSB is one.
The actual problem is that I have totally ignored the mathematics of ECs
and it only occured to me when I read your reply that the values of r and
s, as far as i understand now, can never be negative.
Not so good news for our certificates...
Thanks again!
Jan
Jan Weil
Physikalisch-Technische Bundesanstalt
Arbeitsgruppe 8.52 Datenkommunikation und -sicherheit
Abbestr. 2 - 12
10587 Berlin
Telefon: (+49 30) 34 81 - 77 64
Fax: (+49 30) 34 81 - 69 77 64
Email: jan.weil at ptb.de
More information about the openssl-users
mailing list