I want to use OpenSSL rust crate to perform cryptography operations, specifically using the ECDSA algorithm.
I use the following code to generate an ECDSA key (elliptic curve P-256) and use that to sign data and get the signature:
use openssl::sign::{Signer, Verifier};
use openssl::ec::{EcKey, EcGroup};
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
use openssl::nid::Nid;

fn main() {
    // ec key: generate a P-256 (prime256v1) key pair and wrap it in a PKey
    let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
    let keypair = EcKey::generate(&group).unwrap();
    let keypair = PKey::from_ec_key(keypair).unwrap();
    // data to sign
    let data = b"hello, world!";
    // hash: sha-256
    let mut signer = Signer::new(MessageDigest::sha256(), &keypair).unwrap();
    let buf_size = signer.len().unwrap(); // Computes an upper bound on the signature length.
    println!("buffer size {}", buf_size); // 72
    let mut buf: [u8; 72] = [0; 72];
    // sign
    let exact_bytes = signer.sign_oneshot(&mut buf, data).unwrap(); // the number of bytes written.
    println!("{}", exact_bytes); // 70
}
I don't understand why the exact_bytes is 70. In my understanding, it should be 64.
ECDSA signatures are 2 times longer than the signer's private key for the curve used during the signing process. For example, for 256-bit elliptic curves (like secp256k1) the ECDSA signature is 512 bits (64 bytes) and for 521-bit curves (like secp521r1) the signature is 1042 bits.
Any help? Thank you!
From here it seems that it depends also on the encoding used by the signature, which might increase the length.
Also, your understanding about the signature length is explained, which is not quite the same as what you said.
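The answer's point about encoding is the whole explanation: OpenSSL returns an ECDSA signature as a DER-encoded ASN.1 `SEQUENCE { INTEGER r, INTEGER s }`, not as the raw 64-byte `r||s` that the quoted description assumes. Each INTEGER carries a 2-byte tag/length header, and a value whose top bit is set gets an extra leading 0x00 so it is not read as negative, so a P-256 signature is 70, 71 or 72 bytes (occasionally fewer when r or s happens to start with zero bytes), and `signer.len()` reports the 72-byte worst case. The following added example (not from the question, the answer, or the openssl crate; it uses only the Rust standard library) converts between the two forms and shows where each byte of the length comes from. The sample `r` and `s` values are constructed, not a real signature.

```rust
// Added example: DER <-> raw conversion for ECDSA signatures, std only.

/// Encode one unsigned big-endian magnitude as a minimal DER INTEGER:
/// leading zero bytes are stripped, then one 0x00 is added if the top bit is
/// set (otherwise DER would read the value as negative).
fn der_integer(value: &[u8]) -> Vec<u8> {
    let mut v: &[u8] = value;
    while v.len() > 1 && v[0] == 0 {
        v = &v[1..];
    }
    let needs_pad = (v[0] & 0x80) != 0;
    let mut out = Vec::with_capacity(v.len() + 3);
    out.push(0x02); // INTEGER tag
    out.push((v.len() + needs_pad as usize) as u8);
    if needs_pad {
        out.push(0x00);
    }
    out.extend_from_slice(v);
    out
}

/// Encode a fixed-width raw r||s signature (the JWS/WebCrypto form) as DER.
fn raw_to_der(raw: &[u8]) -> Vec<u8> {
    assert!(raw.len() % 2 == 0, "raw signature must be r||s of equal width");
    let half = raw.len() / 2;
    let mut body = der_integer(&raw[..half]);
    body.extend(der_integer(&raw[half..]));
    let mut der = vec![0x30]; // SEQUENCE tag
    if body.len() < 128 {
        der.push(body.len() as u8);
    } else {
        der.push(0x81); // long-form length, needed for P-521 signatures
        der.push(body.len() as u8);
    }
    der.extend(body);
    der
}

/// Read a DER length at `pos`; returns (length, position of first content byte).
fn read_len(der: &[u8], pos: usize) -> Result<(usize, usize), String> {
    match der.get(pos) {
        Some(&b) if b < 0x80 => Ok((b as usize, pos + 1)),
        Some(&0x81) => der
            .get(pos + 1)
            .map(|&l| (l as usize, pos + 2))
            .ok_or_else(|| "truncated length".to_string()),
        _ => Err("unsupported length encoding".to_string()),
    }
}

/// Parse a DER ECDSA-Sig-Value and return fixed-width r||s, `coord_len` bytes
/// each. Strict: rejects negative values, non-minimal encodings and trailing data,
/// which is what a verifier should do to avoid accepting several encodings of
/// the same signature.
fn der_to_raw(der: &[u8], coord_len: usize) -> Result<Vec<u8>, String> {
    if der.first() != Some(&0x30) {
        return Err("not a SEQUENCE".to_string());
    }
    let (seq_len, mut pos) = read_len(der, 1)?;
    if pos + seq_len != der.len() {
        return Err("trailing or truncated data".to_string());
    }
    let mut out = Vec::with_capacity(2 * coord_len);
    for name in ["r", "s"] {
        if der.get(pos) != Some(&0x02) {
            return Err(format!("{name}: expected INTEGER"));
        }
        let (len, start) = read_len(der, pos + 1)?;
        let bytes = der.get(start..start + len).ok_or_else(|| format!("{name}: truncated"))?;
        if bytes.is_empty() || (bytes[0] & 0x80) != 0 {
            return Err(format!("{name}: negative or empty"));
        }
        if bytes.len() > 1 && bytes[0] == 0 && (bytes[1] & 0x80) == 0 {
            return Err(format!("{name}: non-minimal encoding"));
        }
        let mag = if bytes[0] == 0 { &bytes[1..] } else { bytes };
        if mag.len() > coord_len {
            return Err(format!("{name}: too large for curve"));
        }
        out.resize(out.len() + (coord_len - mag.len()), 0); // left-pad to fixed width
        out.extend_from_slice(mag);
        pos = start + len;
    }
    if pos != der.len() {
        return Err("trailing data".to_string());
    }
    Ok(out)
}

/// Constructed 64-byte r||s sample (not a real signature): r has its top bit set,
/// s does not, so DER needs one padding byte and the result is 71 bytes.
fn sample_raw_signature() -> Vec<u8> {
    let mut raw: Vec<u8> = (0..64).map(|i| (i * 7 + 1) as u8).collect();
    raw[0] = 0x9c; // r starts with top bit set -> 0x00 pad -> 33-byte INTEGER
    raw[32] = 0x3f; // s starts with top bit clear -> 32-byte INTEGER
    raw
}

fn main() {
    let raw = sample_raw_signature();
    let der = raw_to_der(&raw);
    // 2 (SEQUENCE hdr) + 2 + 33 (r) + 2 + 32 (s) = 71
    println!("raw r||s: {} bytes, DER: {} bytes", raw.len(), der.len()); // 64 / 71
    let back = der_to_raw(&der, 32).unwrap();
    assert_eq!(back, raw);
}
```

With both top bits set the DER form is 72 bytes (the bound `signer.len()` reports); with both clear it is 70, which is the case the question hit. If another system expects the raw 64-byte form, run OpenSSL's output through `der_to_raw` with `coord_len = 32` for P-256 (66 for P-521) rather than truncating or assuming a fixed length.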