- From: <bugzilla@jessica.w3.org>
- Date: Sat, 13 Dec 2014 02:12:07 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27602 Bug ID: 27602 Summary: ECDSA's Sign operation is not explicit about how r and s are concatenated (padding) Product: Web Cryptography Version: unspecified Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Web Cryptography API Document Assignee: sleevi@google.com Reporter: ericroman@google.com CC: public-webcrypto@w3.org The spec says the following: --------------------- 2. Let r and s be the pair of integers resulting from performing the ECDSA signing process. 3. Let result be a new ArrayBuffer. 4. Convert r to a bitstring and append the sequence of bytes to result. 5. Convert s to a bitstring and append the sequence of bytes to result. --------------------- As I understand "r" and "s" are big integers in big-endian order. Prior to concatenation r and s must be padded to a fixed length, otherwise when reversing the process during verify() it is unclear unclear how to extract r and s. I believe they should be zero-padded to the group order size in bytes. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Saturday, 13 December 2014 02:12:10 UTC