That's just the way ECDSA and DSA signatures work. Yes the ASN.1 encoding
factors in but mostly it's just the way the math goes. The signature is a
tuple (r,s) where r and s are mod n and n is fixed per curve. r and s are
always smaller than n, normally around the same size as n, but can also be
even smaller depending on how the modular reduction goes.
BBB
$ openssl ecparam -name prime256v1 -out private.pem -genkey -noout
$ echo -n "0xDEADBEEF" | openssl dgst -sign private.pem -sha256 -out sig.bin
$ openssl asn1parse -in sig.bin -inform DER
0:d=0 hl=2 l= 70 cons: SEQUENCE
2:d=1 hl=2 l= 33 prim: INTEGER
:F5DCE3A83786EC0F54E0B0019DB481D30CB8DE5DB3F83349E5D00DCC87EEFEB1
37:d=1 hl=2 l= 33 prim: INTEGER
:E5A3542861A325636D290A6133D99E7B4A28F252C5C9A5DA0B0B884D1AD70D29
$ echo -n "0xDEADBEEF" | openssl dgst -sign private.pem -sha256 -out sig.bin
$ openssl asn1parse -in sig.bin -inform DER
0:d=0 hl=2 l= 68 cons: SEQUENCE
2:d=1 hl=2 l= 32 prim: INTEGER
:55B9639848C7A47DBDFEEC25B9D8CA772CB984E494BEB4DE4A843EED95254547
36:d=1 hl=2 l= 32 prim: INTEGER
:0EF138F87E44CCBEE3BC509D661B9B565DA04D39BD0C3914A783B26762FF85B7
On Tue, Sep 17, 2013 at 12:48 PM, redpath <[email protected]> wrote:
> I am glad someone is asking this question.
> I sign the same data with same private key and sometimes the signature is
> 63
> and sometimes it is 64 but overall the verification works for each
> anyhow.
>
>
>
>
>
>
>
>
> --
> View this message in context:
> http://openssl.6102.n7.nabble.com/Concerning-the-ECDSA-sig-size-tp46553p46559.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [email protected]
> Automated List Manager [email protected]
>
