[Openid-specs-ab] JWS/A : ECDSA signature byte length

hideki nara hdknr at ic-tact.co.jp
Mon May 28 17:35:07 UTC 2012


John ,Axel

Thank you very much for your description.
I missed the basic concept.

---
hdknr

2012/5/28 John Bradley <ve7jtb at ve7jtb.com>:
> The Curve of the public key defines the length of r and s
>
> P-160  EC key length = 160 bits , z hash SHA1, r & s = 160 bits,  equiv RSA 2048 bit key
> P-256  EC key length = 256 bits , z hash SHA256, r & s = 256 bits, equiv RSA 3072 bit key
> P-384  EC key length = 384 bits , z hash SHA384, r & s = 384 bits, equiv RSA 7680 bit key
>
> For a SHA256 hash z is 32bytes.
>
> Using the P-256 curve r and s both need to be 256 bits.
>
> So the resulting "r | s" is 512 bits.
>
> If you are using SHA384 then r and s are 48 octets each with the P-384 curve.
>
> Is that what you were looking for?
> In principal the bit-length of z could be different, but best practice is to keep them the same as r & s.
>
> John
> On 2012-05-27, at 7:43 PM, hideki nara wrote:
>
>> Hi all,
>>
>> I'm developing JWS library with C# and Python.
>> Could someone please describe why the byte length of ECDSA signature,
>> r and s,  is 32 ?
>>
>> Thanks in advance.
>> ---
>> hdknr
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


More information about the Openid-specs-ab mailing list