Yadis.... now OpenID

Karl Koscher mrsaturn at teencity.org
Tue May 17 22:53:13 PDT 2005


 > DSA signature is now BASE64(DER(ASN1(SEQUENCE(INTEGER,INTEGER))))

Of course, this makes it more difficult for PHP implementations, because 
its OpenSSL support is severely crippled. The TypeKey clients currently 
do the signature verification with either bcmath or gmp -- whichever is 
enabled, and neither are supported "out of the box" with the standard 
PHP distribution.

PHP also has zero support for ASN.1/DER, so you'll have to extract the r 
and s values yourself. Thankfully, this isn't too hard. The basic format is:

0x30 - Start of a structure
0xXX - The length of the entire structure, including both ints
0x02 - Start of an integer (r)
0xYY - Length of the integer
<variable> - The integer encoded in the least number of bits possible 
such that it can never be interpreted as a negative signed number. 
Basically, if the highest-order bit is a 1, you prepend it with a 0x00.
0x02 - Start of an integer (s)
0xZZ - Length of the integer
<variable>

I'm not certain, but this might be preceded by a variable number of 
0x00s to bring the total length to 48 bytes.

That's it. The PEM public key you get is encoded the same way, with a 
slightly different structure that's mentioned in RFC 2459 -- search for  
Dss-Parms and DSAPublicKey. DER is described in 
http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf

This all took me entirely too long to figure out.

- Karl
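The byte layout Karl walks through above (SEQUENCE of two INTEGERs, minimal-length big-endian values with a 0x00 prepended when the high bit is set) is small enough to parse by hand without an ASN.1 library. The following is an added example, not code from the original post or from any OpenID or TypeKey implementation; it is written in Python rather than PHP because the point is the DER structure itself, and the same byte-level checks carry over directly. It parses a BASE64(DER(SEQUENCE(INTEGER,INTEGER))) signature into r and s, and it is deliberately strict: it rejects non-minimal integers, negative values, leading padding and trailing bytes, so that only the one canonical DER encoding of a given (r, s) is accepted. The sample signature bytes are constructed here for illustration and are not a real signature.

```python
import base64


class DerError(ValueError):
    """Raised for anything that is not canonical DER for a DSA signature."""


def _read_length(buf: bytes, pos: int):
    """Read a DER length at buf[pos]. Returns (length, position after it).

    DSA signatures are well under 128 bytes, so only the short form and the
    one-byte long form (0x81) are supported; DER forbids the long form for
    lengths below 128, so that is rejected as non-minimal.
    """
    if pos >= len(buf):
        raise DerError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first == 0x81:
        if pos + 1 >= len(buf):
            raise DerError("truncated length")
        n = buf[pos + 1]
        if n < 0x80:
            raise DerError("non-minimal length encoding")
        return n, pos + 2
    raise DerError("unsupported length encoding 0x%02x" % first)


def _read_integer(buf: bytes, pos: int):
    """Read one canonical DER INTEGER (tag 0x02) and return (value, new pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise DerError("expected INTEGER tag 0x02 at offset %d" % pos)
    n, pos = _read_length(buf, pos + 1)
    body = buf[pos:pos + n]
    if n == 0 or len(body) != n:
        raise DerError("empty or truncated INTEGER")
    # High bit set means a negative two's-complement value; r and s are
    # always positive, so a correct encoder would have prepended 0x00.
    if body[0] & 0x80:
        raise DerError("negative INTEGER is not valid in a DSA signature")
    # A leading 0x00 is only allowed when it is needed to keep the sign bit clear.
    if n > 1 and body[0] == 0x00 and not (body[1] & 0x80):
        raise DerError("non-minimal INTEGER (unnecessary leading 0x00)")
    return int.from_bytes(body, "big"), pos + n


def parse_dsa_signature(sig_b64: str):
    """Decode BASE64(DER(SEQUENCE(INTEGER r, INTEGER s))) into (r, s)."""
    der = base64.b64decode(sig_b64, validate=True)
    if not der or der[0] != 0x30:
        raise DerError("expected SEQUENCE tag 0x30")
    seq_len, pos = _read_length(der, 1)
    if pos + seq_len != len(der):
        raise DerError("SEQUENCE length does not match data (padding or truncation)")
    r, pos = _read_integer(der, pos)
    s, pos = _read_integer(der, pos)
    if pos != len(der):
        raise DerError("unexpected bytes after the second INTEGER")
    return r, s


def is_canonical_dsa_signature(sig_b64: str) -> bool:
    """True only if the signature is well-formed canonical DER."""
    try:
        parse_dsa_signature(sig_b64)
        return True
    except (DerError, ValueError):
        return False


def _encode_integer(value: int) -> bytes:
    """Encode a non-negative int as a minimal DER INTEGER."""
    if value < 0:
        raise ValueError("DSA signature components are non-negative")
    # (bit_length + 8) // 8 yields one extra byte exactly when the top bit of
    # the minimal big-endian form would be set, which is the 0x00 prefix rule.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return bytes([0x02, len(body)]) + body


def encode_dsa_signature(r: int, s: int) -> str:
    """Inverse of parse_dsa_signature: (r, s) -> BASE64(DER(SEQUENCE(...)))."""
    body = _encode_integer(r) + _encode_integer(s)
    if len(body) >= 0x80:
        raise ValueError("components too large for a DSA signature")
    return base64.b64encode(bytes([0x30, len(body)]) + body).decode("ascii")


# Constructed sample (not a real signature): r = 0x8abcde needs a 0x00 prefix
# because its high bit is set; s = 0x12345678 does not.
SAMPLE_DER_HEX = "300c" "0204008abcde" "020412345678"
SAMPLE_SIG_B64 = base64.b64encode(bytes.fromhex(SAMPLE_DER_HEX)).decode("ascii")

# Same values with an unnecessary second leading 0x00 on r: decodes to the
# same (r, s) but is not canonical DER, so a strict parser rejects it.
NONMINIMAL_DER_HEX = "300d" "02050000 8abcde".replace(" ", "") + "020412345678"
NONMINIMAL_SIG_B64 = base64.b64encode(bytes.fromhex(NONMINIMAL_DER_HEX)).decode("ascii")

# The sample with a trailing 0x00 appended: SEQUENCE length no longer covers the data.
PADDED_SIG_B64 = base64.b64encode(bytes.fromhex(SAMPLE_DER_HEX + "00")).decode("ascii")

if __name__ == "__main__":
    print(parse_dsa_signature(SAMPLE_SIG_B64))
    print(is_canonical_dsa_signature(NONMINIMAL_SIG_B64), is_canonical_dsa_signature(PADDED_SIG_B64))
```

Rejecting the non-canonical variants matters beyond tidiness: if a verifier accepts several byte strings for the same (r, s), the same signature has more than one valid serialisation, which breaks anything that stores, compares or deduplicates signatures by their encoded form. Whatever you do with r and s afterwards (the bcmath or gmp modular arithmetic Karl mentions), parse the envelope strictly first.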

