Specification defining ECDSA signature data

I want to know which specification (or standard) defines the format of the ECDSA signature and public key data?

I am testing ECDSA signature on java card. I found out that there is TLV format in the signature and value of the public key.

* Public key (TV format)
[Tag=04] [public key value 1] [public key value 2]
04 038A3F59E813995DAB730588CFCBB985F5A1ED90C0D62960AE0B274D 2E6B12672318E0B113DECC0406B62887B6BCB9B1583B1A50779EAB5A

* Signature (TLV format)
[Tag=30] [Length=3C~3E] [Tag=02] [Length=1C~1D] [signature value 1] [Tag=02] [Length=1C~1D] [signature value 2]

303C 021C 7EEB0B2596F74344B3D7B046EA0BD17C4461FC277658CE93509F1674      021C 4F5DBFB30D994664DA80528847A767F0194876B068E5958161797991
303E 021D 0080F20B82D407AE663F010F4990F12073631D653EA1D65DC75EBD4293    021D 00880DB667EF51AEA8E7C9BB012496C7C9ECE3BC5829B82B692B9211C3
303D 021D 00F77447EF326A4A49597D0B839F68F524891F3655DA4561F1AA10EF70    021C 152F7FF18644C5E5C9118736E1F7528F0B10C5FF641C7B7CDF012129
303D 021D 00A2EBCC5C5981341D0726F2E846CC3879C74EFD64D8698589A8CEAB60    021C 6E04FF884A451D7C0737A182BC2DE7F7D3008EE182B46A009BFFC9E8


I think that the data format is defined in some specifications or standards. I just want to know the title of the document.


source to share

3 answers

The ASN.1 structure is defined in SEC 1: Elliptic Curve Cryptography (Part C: ASN.1 for Elliptic Curve Cryptography), from the SECG (Standards for Effective Cryptographic Group).



Also ANDI X9.62 may be important, but not freely available, I think For example:




The public key value is an uncompressed point. It is defined by a value 04

that is the identifier for the uncompressed point, followed by the X and Y coordinates, where X and Y are encoded as unsigned strings that are the same size as the key size (same as the curve order size in the parameters ). Note that this is 04

also a tag for OCTET STRING in ASN.1, but this has nothing to do with the uncompressed point indicator.

The format of the domain parameters is unknown to me. It is of course not encoded as https://www.ietf.org/rfc/rfc5480.txt as Paul suggests. I am assuming this is some kind of proprietary DER format that uses multiple ASN.1 SEQUENCE values ​​filled with two ASN.1 INTEGER values. These integer values ​​(after the length) are signed, domainless, large Endian encodings, which, fortunately, are fully compatible with Java encoding BigInteger


Paul Bastian is right about the generated signature, X9.42 compatible. Regular signatures are not yet supported by Java Card.



All Articles