Skip to main content

3.3.5. ECDSA Using Curve P-384 DSS and SHA-384

3.3.5. ECDSA Using Curve P-384 DSS and SHA-384

To sign using this algorithm, the signer applies the ECDSA signature algorithm defined in [FIPS186-5] using curve P-384 with the signer's private signing key and the signature base (Section 2.5). The hash SHA-384 [RFC6234] is applied to the signature base to create the digest content to which the digital signature is applied (M). The signature algorithm returns two integer values: r and s. These are both encoded as big-endian unsigned integers, zero-padded to 48 octets each. These encoded values are concatenated into a single 96-octet array consisting of the encoded value of r followed by the encoded value of s. The resulting concatenation of (r, s) is a byte array of the HTTP message signature output used in Section 3.1.

To verify using this algorithm, the verifier applies the ECDSA signature algorithm defined in [FIPS186-5] using the public key portion of the verification key material and the signature base recreated as described in Section 3.2. The hash function SHA-384 [RFC6234] is applied to the signature base to create the digest content to which the signature verification function is applied (M). The verifier extracts the HTTP message signature to be verified (S) as described in Section 3.2. This value is a 96-octet array consisting of the encoded values of r and s concatenated in order. These are both encoded as big-endian unsigned integers, zero-padded to 48 octets each. The resulting signature value (r, s) is used as input to the signature verification function. The results of the verification function indicate whether the signature presented is valid.

Note that the output of ECDSA signature algorithms is non- deterministic; therefore, it is not correct to recalculate a new signature on the signature base and compare the results to an existing signature. Instead, the verification algorithm defined here needs to be used. See Section 7.3.5.

The use of this algorithm can be indicated at runtime using the ecdsa-p384-sha384 value for the alg signature parameter.

Last updated on