openssl rust crate:ECDSA 签名大小不是 64 字节?
我想使用 OpenSSL rust crate 来执行加密操作,特别是使用 ECDSA 算法。
我使用以下代码生成 ECDSA 密钥(椭圆曲线 P-256),并使用它来签署数据并获取签名:
use openssl::sign::{Signer, Verifier};
use openssl::ec::{EcKey, EcGroup};
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
use openssl::nid::Nid;
// ec key
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let keypair = EcKey::generate(&group).unwrap();
let keypair = PKey::from_ec_key(keypair).unwrap();
// data to sign
let data = b"hello, world!";
// hash: sha-256
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
let buf_size = signer.len().unwrap(); // Computes an upper bound on the signature length.
println!("buffer size {}", buf_size); // 72
let mut buf: [u8; 72] = [0; 72];
// sign
let exact_bytes = signer.sign_oneshot(&mut buf, data).unwrap(); //the number of bytes written.
println!("{}", exact_bytes); // 70
我不明白为什么 exact_bytes 是 70。根据我的理解, <一href="https://ECDSA%20signatures%20are%202%20times%20longer%20than%20the%20signer%27s%20private%20key%20for%20the%20curve%20used%20during%20the%20signing%20process.%20For% 20例如,%20为%20256-位%20elliptic%20curves%20(如%20secp256k1)%20%20ECDSA%20signature%20is%20512%20bits%20(64%20字节)%20和%20对于%20521位%20曲线%20(如%20secp521r1)%20%20签名%20是%201042%20位。” rel="nofollow noreferrer">应该是 64。
对于签名过程中使用的曲线,ECDSA 签名比签名者私钥长 2 倍。例如,对于 256 位椭圆曲线(如 secp256k1),ECDSA 签名为 512 位(64 字节),对于 521 位曲线(如 secp521r1),签名为 1042 位。
有什么帮助吗?谢谢你!
I want to use OpenSSL rust crate to perform cryptography operations, specifically using the ECDSA algorithm.
I use the following code to generate an ECDSA key (elliptic curve P-256) and use that to sign data and get the signature:
use openssl::sign::{Signer, Verifier};
use openssl::ec::{EcKey, EcGroup};
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
use openssl::nid::Nid;
// ec key
let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
let keypair = EcKey::generate(&group).unwrap();
let keypair = PKey::from_ec_key(keypair).unwrap();
// data to sign
let data = b"hello, world!";
// hash: sha-256
let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
let buf_size = signer.len().unwrap(); // Computes an upper bound on the signature length.
println!("buffer size {}", buf_size); // 72
let mut buf: [u8; 72] = [0; 72];
// sign
let exact_bytes = signer.sign_oneshot(&mut buf, data).unwrap(); //the number of bytes written.
println!("{}", exact_bytes); // 70
I don't understand why the exact_bytes is 70. In my understanding, it should be 64.
ECDSA signatures are 2 times longer than the signer's private key for the curve used during the signing process. For example, for 256-bit elliptic curves (like secp256k1) the ECDSA signature is 512 bits (64 bytes) and for 521-bit curves (like secp521r1) the signature is 1042 bits.
Any help? Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
从 此处 看来,它还取决于 uaed 的编码签名,这可能会增加长度。
另外,你对签名长度的理解也有解释,和你说的不太一样。
From here it seems that it depends also on the encoding uaed by the signature, which might increase the length.
Also, your understanding about the signature length is explained, which is not quite the same as you said.