6

I want to know what specification (or standard) define the data format of the ECDSA signature and public key?

I'm testing the ECDSA signature on java card. I found out that there is a TLV format in the signature and the public key value.

* Public key (TV format)
[Tag=04] [public key value 1] [public key value 2]
04 038A3F59E813995DAB730588CFCBB985F5A1ED90C0D62960AE0B274D 2E6B12672318E0B113DECC0406B62887B6BCB9B1583B1A50779EAB5A

* Signature (TLV format)
[Tag=30] [Length=3C~3E] [Tag=02] [Length=1C~1D] [signature value 1] [Tag=02] [Length=1C~1D] [signature value 2]

303C 021C 7EEB0B2596F74344B3D7B046EA0BD17C4461FC277658CE93509F1674      021C 4F5DBFB30D994664DA80528847A767F0194876B068E5958161797991
303E 021D 0080F20B82D407AE663F010F4990F12073631D653EA1D65DC75EBD4293    021D 00880DB667EF51AEA8E7C9BB012496C7C9ECE3BC5829B82B692B9211C3
303D 021D 00F77447EF326A4A49597D0B839F68F524891F3655DA4561F1AA10EF70    021C 152F7FF18644C5E5C9118736E1F7528F0B10C5FF641C7B7CDF012129
303D 021D 00A2EBCC5C5981341D0726F2E846CC3879C74EFD64D8698589A8CEAB60    021C 6E04FF884A451D7C0737A182BC2DE7F7D3008EE182B46A009BFFC9E8

I think that the data format is defined in some specification or standard. I just want to know the document name.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user2642459
  • 507
  • 3
  • 10
  • 18

3 Answers3

5

The ASN.1 structure is defined in SEC 1: Elliptic Curve Cryptography (part C: ASN.1 for Elliptic Curve Cryptography), from the SECG (Standards for Efficient Cryptography Group).

bartonjs
  • 30,352
  • 2
  • 71
  • 111
3

It's in here:
https://www.ietf.org/rfc/rfc5480.txt
Also ANDI X9.62 might be important, but not freely available i think For example:

ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }

Paul Bastian
  • 2,597
  • 11
  • 26
1

The public key value is an uncompressed point. It is defined by value 04, which is an identifier for an uncompressed point, followed by the X and Y coordinate, where the X and Y are encoded as unsigned big endian octet strings that have the same size as the key size (same as the size of the order of the curve in the parameters). Note that 04 is also the tag for an OCTET STRING in ASN.1, but that has nothing to do with the uncompressed point indicator.

The format of the domain parameters is unknown to me. It's certainly not encoded as https://www.ietf.org/rfc/rfc5480.txt as Paul suggests. I presume it is some proprietary DER format, which uses multiple ASN.1 SEQUENCE values filled with two ASN.1 INTEGER values each. These integer values (after the length) are signed, unpadded, big endian encodings, which fortunately are completely compatible with the encoding of Java's BigInteger.

Paul Bastian is correct with regards to the signature generated, it's X9.42 compatible. Plain signatures are not yet supported by Java Card.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • A quick google search does not show up any values for the parameters used. This may mean that somebody has generated his own domain parameters, which makes the security of the scheme rather suspect. – Maarten Bodewes Sep 18 '14 at 20:53
  • Hi there, any luck with this and the other question I answered? – Maarten Bodewes Nov 07 '14 at 14:37
  • 1
    I don't see any domain parameters in the Q, I see one publickey (04=X9.62 uncompressed, copied in SEC1 and 5480) and four signatures each a SEQUENCE (30 len) of two INTEGERs (02 len 2sC) per 5480 (and 3279). The curve/group is apparently implicit, although someone less lazy than me could check whether the publickey X,Y is a point on some standard 224-bit curves. – dave_thompson_085 Sep 01 '18 at 03:35
  • @dave_thompson_085 Thanks for the adjustment, I'll create a better answer out of this one to point to the standards and describe them both.The other answers are OK but not complete. – Maarten Bodewes Sep 03 '18 at 11:52