[gnutls-help] How to encode/decode ECDSA signatures to raw format

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu May 25 08:30:43 CEST 2017


On Wed, May 24, 2017 at 6:27 PM, Nicolas Mora <nicolas at babelouest.org> wrote:
> Hello,
>
> I'm still working on porting libjwt https://github.com/benmcollins/libjwt
> from openssl to gnutls.
>
> The last problem I have is about ECDSA signatures. If I use a GNUTLS_PK_EC
> private key to sign the data with gnutls_privkey_sign_data, the libjwt unit
> tests fail.
>
> I see in the openssl version of libjwt that after signing the data, it
> converts to a raw format of R/S, by decoding the signature:
> https://github.com/benmcollins/libjwt/blob/master/libjwt/jwt-openssl.c#L264
>
> For the verification procedure, it converts back the signature to ASN1:
> https://github.com/benmcollins/libjwt/blob/master/libjwt/jwt-openssl.c#L386
>
> Are there equivalent functions to encode/decode ECDSA signatures in GnuTLS?

Unfortunately there isn't any such function. Since 3.5.x there is an
exported, but still internal function _gnutls_decode_ber_rs_raw() for
that. I created an issue to export them for 3.6.0, but until then you
may want to replicate them to use them.

regards,
Nikos

[0]. https://gitlab.com/gnutls/gnutls/issues/205
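
An added example (not from this thread, libjwt or GnuTLS): a stand-alone C routine for the decode direction discussed above, turning a DER-encoded ECDSA signature (a SEQUENCE of two INTEGERs) into fixed-width raw R||S. The names `ecdsa_der_to_raw` and `der_int_to_fixed` are hypothetical, and `n` is the per-coordinate size supplied by the caller (32 bytes for P-256, 48 for P-384, 66 for P-521).

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: read one DER INTEGER at *p (bounded by end) and write
 * it right-aligned and zero-padded into out[0..n-1]. 0 on success, -1 on error. */
static int der_int_to_fixed(const uint8_t **p, const uint8_t *end,
                            uint8_t *out, size_t n)
{
    const uint8_t *q = *p;
    size_t len;

    if (end - q < 2 || q[0] != 0x02 || q[1] == 0 || q[1] > 0x7f)
        return -1;                       /* INTEGER tag, short-form length */
    len = q[1];
    q += 2;
    if ((size_t)(end - q) < len || (q[0] & 0x80))
        return -1;                       /* truncated, or negative value */
    if (q[0] == 0x00 && len > 1) {       /* sign-padding byte */
        if (!(q[1] & 0x80))
            return -1;                   /* padding not needed: non-minimal DER */
        q++;
        len--;
    }
    if (len > n)
        return -1;                       /* value does not fit the curve size */
    memset(out, 0, n - len);             /* left-pad short values with zeros */
    memcpy(out + (n - len), q, len);
    *p = q + len;
    return 0;
}

/* Hypothetical API: convert SEQUENCE { INTEGER r, INTEGER s } into raw R||S.
 * raw must hold 2*n bytes. Returns 0 on success, -1 on malformed input. */
int ecdsa_der_to_raw(const uint8_t *der, size_t der_len, uint8_t *raw, size_t n)
{
    const uint8_t *p = der, *end = der + der_len;
    size_t seq_len;

    if (der_len < 2 || *p++ != 0x30)
        return -1;                       /* SEQUENCE tag */
    seq_len = *p++;
    if (seq_len == 0x81) {               /* long form, needed for P-521 */
        if (p == end || (seq_len = *p++) < 0x80)
            return -1;
    } else if (seq_len > 0x7f) {
        return -1;
    }
    if ((size_t)(end - p) != seq_len)
        return -1;                       /* length must cover the input exactly */
    if (der_int_to_fixed(&p, end, raw, n) || der_int_to_fixed(&p, end, raw + n, n))
        return -1;
    return p == end ? 0 : -1;            /* no trailing bytes inside the SEQUENCE */
}
```

Verification needs the reverse step: strip leading zero bytes from each half, prepend 0x00 when the top bit is set, and wrap both INTEGERs in a SEQUENCE.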
