|Applies To||RSA BSAFE Crypto-C|
r is supposed to be 20 bytes; s is supposed to be 20 bytes
When you use AI_DSAWithSHA1, the result from B_SignFinal is a BER-encoded SEQUENCE of two INTEGERs. If the high bit of either of those integers happens to be set, a leading 0x00 byte is added to the BER-encoded INTEGER value. This is because values in BER-encoded integers are defined to be represented in two's complement form. Because neither r nor s is a negative integer, the leading 0x00 byte is needed in those cases so that the value is not read as negative.
AI_DSA takes a 20-byte input, the result of a SHA1 hash, and outputs through B_SignFinal a 40-byte value which is just r and s concatenated together.
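The relationship between the two output formats, as an added example in plain C (not RSA BSAFE code, and it makes no Crypto-C calls): it converts the BER-encoded SEQUENCE into the 40-byte r || s form. The names `read_int20`, `dsa_sig_ber_to_raw` and `sample_sig` are hypothetical, the sample bytes are constructed, and the code also accepts an r or s shorter than 20 bytes, which goes beyond the 46-48 byte cases described here.

```c
#include <stddef.h>
#include <string.h>

#define PART 20 /* r and s are 20 bytes each for DSA with SHA-1 */

/* Read the INTEGER at der[*pos] into out[20], right-aligned. 0 = ok, -1 = bad. */
static int read_int20(const unsigned char *der, size_t len, size_t *pos,
                      unsigned char *out)
{
    const unsigned char *v;
    size_t n;

    if (len - *pos < 2 || der[*pos] != 0x02)        /* tag must be INTEGER */
        return -1;
    n = der[*pos + 1];                              /* short-form length only */
    if (n == 0 || n > PART + 1 || n > len - *pos - 2)
        return -1;
    v = der + *pos + 2;
    *pos += 2 + n;
    /* Negative values are never valid; 21 bytes is legal only with a 0x00 pad. */
    if ((v[0] & 0x80) || (n == PART + 1 && v[0] != 0x00))
        return -1;
    if (n == PART + 1) { v++; n--; }                /* drop the pad byte */
    memset(out, 0, PART);
    memcpy(out + (PART - n), v, n);                 /* left-pad values under 20 bytes */
    return 0;
}

/* Convert SEQUENCE { INTEGER r, INTEGER s } to raw r || s. 0 = ok, -1 = bad. */
int dsa_sig_ber_to_raw(const unsigned char *der, size_t len, unsigned char raw[2 * PART])
{
    size_t pos = 2;

    if (len < 2 || der[0] != 0x30 || (size_t)der[1] != len - 2)
        return -1;
    if (read_int20(der, len, &pos, raw) || read_int20(der, len, &pos, raw + PART))
        return -1;
    return pos == len ? 0 : -1;                     /* no trailing bytes allowed */
}

/* Constructed sample (46 bytes): r needs the 0x00 pad, s is only 19 bytes long. */
static const unsigned char sample_sig[46] = {
    0x30, 0x2c, 0x02, 0x15, 0x00,       /* SEQUENCE(44), INTEGER(21), pad byte */
    0x80, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
    0x02, 0x13,                         /* INTEGER(19) */
    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
    0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33
};
```

The decoder rejects anything it cannot map to exactly 20 bytes per value, so a malformed or truncated signature fails closed instead of yielding a shifted r or s.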
|Issue||How to obtain DSA signature (r,s) in RSA BSAFE Crypto-C|
When data is signed with AI_DSAWithSHA1, the result from B_SignFinal is anywhere from 46 to 48 bytes long.
|Resolution||Use an algorithm object with AI_SHA1 to digest the data to sign. Take the 20-byte result and sign it using another algorithm object with AI_DSA. The first 20 bytes of the result are r; the remaining 20 are s.|
This case is more the exception than the norm. It is rare that a DSA signature that is not BER-encoded will be asked for or transmitted. If in doubt, use AI_DSAWithSHA1 to get the BER-encoded signature. Only use the method outlined in this solution if you are absolutely sure that this is what you must do.
|Legacy Article ID||a1380|