000018467 - How to obtain DSA signature (r, s) in RSA BSAFE Crypto-C

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2


Article Number: 000018467
Applies To: RSA BSAFE Crypto-C
Notes: r and s are each 20 bytes (the size of q in DSA with SHA-1).
When you use AI_DSAWithSHA1, the result from B_SignFinal is a BER-encoded SEQUENCE of two INTEGERs. BER represents INTEGER values in two's complement, so if the high bit of the first byte of r or s happens to be set, a leading 0x00 byte is added to that INTEGER's value so that it still reads as a positive number (neither r nor s is ever negative). This is why the signature is usually 46 to 48 bytes: a 2-byte SEQUENCE header plus two INTEGERs of 2 + 20 or 2 + 21 bytes each. The same encoding rules strip leading 0x00 bytes from a value, so when r or s is below 2^152 the signature encodes in fewer than 46 bytes; that happens for roughly one signature in a hundred. Code that consumes this output must parse the ASN.1 structure rather than assume fixed offsets.
AI_DSA takes a 20-byte input, the SHA-1 digest of the data, and B_SignFinal returns a 40-byte value that is simply r followed by s, each 20 bytes, with no encoding.
Issue: How to obtain DSA signature (r, s) in RSA BSAFE Crypto-C
When data is signed with AI_DSAWithSHA1, the result from B_SignFinal is not a fixed 40 bytes; it is usually 46 to 48 bytes.
Resolution: Use an algorithm object with AI_SHA1 to digest the data to sign. Take the 20-byte digest and sign it using a second algorithm object with AI_DSA. The first 20 bytes of the 40-byte result are r; the remaining 20 are s. The party that verifies the signature must expect the same format: the raw 40-byte form and the BER SEQUENCE are not interchangeable as-is, although they differ only in encoding, so either can be converted to the other without the private key.

This case is more the exception than the norm. It is rare for a DSA signature that is not BER encoded to be requested or transmitted. If in doubt, use AI_DSAWithSHA1 to get the BER-encoded signature. Only use the method outlined in this solution if you are absolutely sure that this is what you must do.
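The conversion implied by the Notes and the Resolution above, as an added example that is not code from this article or from Crypto-C (which is a C library): Python functions that turn the 40-byte r || s value produced with AI_DSA into the BER/DER SEQUENCE produced with AI_DSAWithSHA1, and back, handling the two cases that change the encoded length (a high bit set, which adds a 0x00 byte, and a leading 0x00 byte, which is dropped). The function names, the Q_BYTES constant and the sample signature values are this example's own; the sample values are constructed, not real Crypto-C output.

```python
# Added example, not part of the RSA article or the Crypto-C library.
#   raw:     r || s, each exactly Q_BYTES bytes (what AI_DSA returns)
#   BER/DER: SEQUENCE { INTEGER r, INTEGER s } (what AI_DSAWithSHA1 returns)
from typing import Tuple

Q_BYTES = 20  # DSA with a 160-bit q (SHA-1 era): r and s are each 20 bytes


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    len_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(len_bytes)]) + len_bytes


def _der_integer(value: int) -> bytes:
    """Non-negative int -> DER INTEGER: minimal magnitude bytes, plus a leading
    0x00 when the high bit is set (INTEGER is two's complement)."""
    if value < 0:
        raise ValueError("r and s are never negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def raw_to_der(raw: bytes) -> bytes:
    """Fixed-width r || s -> SEQUENCE { INTEGER r, INTEGER s }."""
    if len(raw) != 2 * Q_BYTES:
        raise ValueError(f"raw DSA signature must be {2 * Q_BYTES} bytes")
    r = int.from_bytes(raw[:Q_BYTES], "big")  # leading 0x00 bytes vanish here
    s = int.from_bytes(raw[Q_BYTES:], "big")
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def _read_tlv(buf: bytes, pos: int, tag: int) -> Tuple[bytes, int]:
    """Return (content, next_offset) of the TLV at pos, requiring the given tag."""
    if pos >= len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    pos += 1
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos:end], end


def _integer_value(body: bytes) -> int:
    """Decode a DER INTEGER body, rejecting negative and non-minimal encodings."""
    if not body:
        raise ValueError("empty INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER cannot be r or s")
    if len(body) > 1 and body[0] == 0x00 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big")


def parse_der(der: bytes) -> Tuple[int, int]:
    """SEQUENCE { INTEGER r, INTEGER s } -> (r, s); strict, no trailing bytes."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r_body, pos = _read_tlv(seq, 0, 0x02)
    s_body, pos = _read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    r, s = _integer_value(r_body), _integer_value(s_body)
    if r.bit_length() > 8 * Q_BYTES or s.bit_length() > 8 * Q_BYTES:
        raise ValueError(f"r or s does not fit in {Q_BYTES} bytes")
    return r, s


def der_to_raw(der: bytes) -> bytes:
    """SEQUENCE form -> r || s, each left-padded with 0x00 back to Q_BYTES bytes."""
    r, s = parse_der(der)
    return r.to_bytes(Q_BYTES, "big") + s.to_bytes(Q_BYTES, "big")


def is_valid_der(der: bytes) -> bool:
    try:
        parse_der(der)
        return True
    except ValueError:
        return False


# Constructed sample values (not real signatures): an r with its high bit set,
# which gains a 0x00 pad byte, and an s below 2^152, whose leading 0x00 is dropped.
SAMPLE_RAW_HIGH_BIT = (b"\x80" + b"\x33" * 19) + (b"\xff" * 20)                 # -> 48 bytes
SAMPLE_RAW_LEADING_ZERO = (b"\x7f" + b"\x11" * 19) + (b"\x00" + b"\x22" * 19)  # -> 45 bytes

if __name__ == "__main__":
    for raw in (SAMPLE_RAW_HIGH_BIT, SAMPLE_RAW_LEADING_ZERO):
        der = raw_to_der(raw)
        print(len(raw), "raw bytes ->", len(der), "encoded bytes:", der.hex())
        assert der_to_raw(der) == raw
```

The parser is deliberately strict: it rejects negative values, non-minimal INTEGER encodings, unexpected tags and trailing bytes, so exactly one byte string is accepted for a given (r, s). A verifier that tolerates alternative encodings of the same pair lets anyone re-encode a signature without the key, which matters wherever the signature bytes themselves are hashed, logged or used as an identifier.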
Legacy Article ID: a1380