1

I am using "secp192k1" curve to generate the key for data signing using ECDSA scheme. Signature is generated using "SHA3-256withECDSA" algorithm provided by BouncyCastle.

Theoretically, the length of the signature should be 192*2/8 = 48 bytes. Instead, this length varies from 54 to 56.

My application demands a signature of fixed length. How can I achieve this?

arvind.mohan
  • 125
  • 1
  • 8

1 Answers1

2

To encode the signature you first have to parse the ASN.1 structure also shown in the linked answers provided by dave_thomson_085. Once you have got two integer in the programming language / runtime of your choice then you need to encode them as two statically sized integer encodings. These integers (usually) need to be big endian / network order, unsigned integers.

To do this you need to implement a function called I2OSP from the RSA specifications. You feed this the two numbers and the key size (the size of the order of the curve) rounded upwards to bytes (that's $192 / 8 = 24$ bytes).

There are two ways to do this:

  • directly implement the mathematical functions and concatenate the resulting bytes or
  • encode the integer back to bytes - most platforms have a function for this - and then adjust the encoding by padding and possibly reversing the encoding

The latter is probably faster as it just requires byte operations. I usually opt for the latter, but I've seen many cryptographers (naively, in my opinion) do the first.

Finally you simply concatenate the numbers and presto - you're done (there is also OS2IP in RSA, in case you need to do the reverse).

Community
  • 1
Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323