Skip to content

signatures.md: example Signature values are ASN.1/DER, but the spec requires raw r||s encoding #569

Description

@vishkaty

signatures.md states under Signature Value Encoding:

ECDSA signatures MUST use fixed-width raw r||s encoding per RFC 9421 §3.3.1, not ASN.1/DER.

But the Signature: example values in the same document are DER-encoded. Decoding the base64 prefixes:

Example value First bytes Meaning
sig1=:MEUCIQD…: 30 45 02 21 ASN.1 SEQUENCE { INTEGER … }
sig1=:MEQCIB…: 30 44 02 20 ASN.1 SEQUENCE { INTEGER … }
sig1=:MFQCIH…: 30 54 02 20 ASN.1 SEQUENCE { INTEGER … }

30 … 02 is exactly the ASN.1/DER form the MUST prohibits — a raw r||s P-256 signature is 64 bytes and never begins 30 45 02. Several examples across the REST request, response, and webhook sections share this shape.

Impact: an implementer who mirrors the examples' encoding (easy to do, since OpenSSL/Java/.NET default to DER — as the spec itself warns) emits signatures that a spec-following verifier rejects.

Suggested fix: regenerate the example Signature values as fixed-width raw r||s (base64) with your example-generation tooling — I didn't want to fabricate signature bytes in a PR, since real-looking examples presumably come from your signing pipeline.

Found while building an unofficial UCP conformance test suite (https://spck.dev); verified against main @ 7e5fc42 by decoding the example base64. Happy to help further if useful.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions