Hi Steve,

thanks a lot for your quick response and for the clarification.

> From: "Dr. Stephen Henson" <steve at openssl.org>
> The MSB is effectively a sign bit but the explanation in the standard isn't
> very clear. If you take your example of GTS001.pem and do:
>
> openssl asn1parse -in GTS001.pem -strparse 367 -out sig.der
>
> It will parse out the Ecdsa-Sig-Value field and you get:
>
> 0:d=0 hl=2 l= 52 cons: SEQUENCE
> 2:d=1 hl=2 l= 24 prim: INTEGER
> :-0739E1C1762E2E3E1D4480425633EA0BB669CE784DC3ACCB
> 28:d=1 hl=2 l= 24 prim: INTEGER
> :-332658917A3B05831D91176C0512CF91C617819E1A7CF14B
>
> Note the two - signs.
> [...]
> What this is saying is that if the MSB is one you subtract that value from
> the result.
>
> For example 0x80 without the MSB represents '0' the MSB represents 0x80 and
> you subtract that resulting in -0x80.

Well, yes, that's how two's complement works.

> That's why you need the 0 padding byte prepended if the MSB is one.

The actual problem is that I have totally ignored the mathematics of ECs and it only occurred to me when I read your reply that the values of r and s, as far as I understand now, can never be negative. Not so good news for our certificates...

Thanks again!
Jan

Jan Weil
Physikalisch-Technische Bundesanstalt
Arbeitsgruppe 8.52 Datenkommunikation und -sicherheit
Abbestr. 2 - 12
10587 Berlin
Phone: (+49 30) 34 81 - 77 64
Fax: (+49 30) 34 81 - 69 77 64
Email: jan.weil at ptb.de
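
Added example, not part of the original message or of OpenSSL: a small Python check that decodes the two INTEGERs of a DER Ecdsa-Sig-Value as signed two's complement, as asn1parse displays them, and reports components that come out negative because the 0x00 padding byte is missing. The function names and the sample bytes (built from the 0x80 case in the quoted reply) are constructed for illustration.

```python
# Added example: flag negative r/s in a DER Ecdsa-Sig-Value. All names are hypothetical.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos (definite lengths only)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_sig(der):
    """Return (r, s), each decoded as a signed two's complement INTEGER."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag != 0x02 or not val:
            raise ValueError("expected a non-empty INTEGER")
        values.append(int.from_bytes(val, "big", signed=True))
    if len(values) != 2:
        raise ValueError("Ecdsa-Sig-Value holds exactly r and s")
    return tuple(values)

def der_integer(n):
    """Encode non-negative n; prepend 0x00 when the top bit of the first byte is set."""
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw                # keeps the value positive
    if len(raw) > 127:
        raise ValueError("value too long for a short-form length")
    return bytes([0x02, len(raw)]) + raw

def negative_fields(der):
    """Names of the signature components that decode as negative."""
    return [name for name, v in zip("rs", parse_sig(der)) if v < 0]

# Constructed sample: r = 0x80 written without the padding byte, s = 0x7F.
BAD = bytes.fromhex("3006" "020180" "02017f")
# The same two values encoded correctly: r becomes 02 02 00 80.
GOOD = b"\x30\x07" + der_integer(0x80) + der_integer(0x7F)

if __name__ == "__main__":
    print(parse_sig(BAD), negative_fields(BAD))
    print(parse_sig(GOOD), negative_fields(GOOD))
```
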