[Openid-specs-ab] JWS/A : ECDSA signature byte length
John Bradley
ve7jtb at ve7jtb.com
Mon May 28 14:38:29 UTC 2012
The Curve of the public key defines the length of r and s
P-160 EC key length = 160 bits , z hash SHA1, r & s = 160 bits, equiv RSA 2048 bit key
P-256 EC key length = 256 bits , z hash SHA256, r & s = 256 bits, equiv RSA 3072 bit key
P-384 EC key length = 384 bits , z hash SHA384, r & s = 384 bits, equiv RSA 7680 bit key
For a SHA256 hash z is 32bytes.
Using the P-256 curve r and s both need to be 256 bits.
So the resulting "r | s" is 512 bits.
If you are using SHA384 then r and s are 48 octets each with the P-384 curve.
Is that what you were looking for?
In principal the bit-length of z could be different, but best practice is to keep them the same as r & s.
John
On 2012-05-27, at 7:43 PM, hideki nara wrote:
> Hi all,
>
> I'm developing JWS library with C# and Python.
> Could someone please describe why the byte length of ECDSA signature,
> r and s, is 32 ?
>
> Thanks in advance.
> ---
> hdknr
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list