[openssl-users] i2d and d2i fucntions

Dave Thompson dthompson at prinpay.com
Fri Feb 13 19:54:36 UTC 2015

> From: openssl-users On Behalf Of Rajeswari K
> Sent: Friday, February 13, 2015 09:48
> As part of [ECDSA] signature verification, we first take lenght_of_signature received 
> and compare with double the size of number_of_bytes from curve parameter. 
> Have converted the ECDSA_SIG to unsigned char * using the function i2d_ECDSA_SIG().
> Length returned by i2d_ECDSA_SIG() is 103.
> Whereas, the number_of_bytes value from curve parameter is 48. 

An EDCSA signature, like a DSA signature, and as the 'i2d' should clue you in,
is an ASN1 DER-encoded value. Specifically it is a SEQUENCE of two INTEGERs.
That means it consists of:

2 octets tag and length for the sequence -- OR 3 if the components together 
exceed 127 octets, which will occur almost always if the curve size exceeds 
496 bits and sometimes for slightly smaller curves, see below.

For each integer, 2 octets tag and length then N octets value, as long as the 
curve size does not exceed 1015 bits (and none currently come even close).
Remember DER INTEGERs are two's complement, and the R and S values 
are positive numbers that are for practical purposes uniform random up to 
the curve order which is usually chosen to be nearly a power of two that 
is a multiple of 8 (like 192, 256, 384) and thus require an extra sign octet.

Thus for a 384-bit curve, the encoded signature will be 6+2*48=102 
roughly 25% of the time, 6+48+49 about 50% and 6+49*2 about 25%.

More information about the openssl-users mailing list