Different sizes of signed jar files / signature file

Posted By:   Heinrich_Soebke
Posted On:   Friday, February 22, 2002 05:10 AM

Hi all,

I'm signing jar file A and get a signed jar file B. I'm doing this several times. All the resulting jar-files don't have the same size,
some of them are 1 or 2 bytes smaller or bigger. The difference is the size of the added .dsa-file.
Has anyone an explanation for this behaviour? I understand that the dsa-files may be different, because the signing time is
included, but are different sizes ok or do I have to be mistrustful?



Re: Different sizes of signed jar files / signature file

Posted By:   Heinrich_Soebke  
Posted On:   Monday, March 4, 2002 12:09 AM

A hint from openssl-users@openssl.org (thanks to the author)

The signature process will include in the result a number of values
that will not always be constant.

When one of these values is an integer, the first bit of its binary
representation will sometimes be a 1 and sometimes a 0.

The DER encoding rules state that a positive integer value must start
with a zero.

Therefore every time the actual value starts with a 1, a padding byte
with a value of zero is added in front of the value in the DER
encoding process.

This explains the random variation of one byte, or two bytes if two different
values have this padding byte.

In short, nothing to worry about.
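
The padding rule described in the hint, as an added example that is not part of the original posts: a minimal DER encoder for the two integers of a DSA signature, run over constructed 160-bit values (LOW, HIGH and SHORT are made-up sample numbers, and the function names are hypothetical). It covers only the integer pair, not the whole .dsa file, and goes one step beyond the hint by showing that a value with a leading zero byte makes the encoding shrink, since DER also requires the shortest form.

```python
def der_length(n: int) -> bytes:
    """DER definite-length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """Encode a non-negative integer as a DER INTEGER (tag 0x02)."""
    if value < 0:
        raise ValueError("DSA signature values are non-negative")
    # Minimal big-endian form: leading zero bytes of the number are dropped.
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    # A set top bit would mean "negative", so a 0x00 byte is put in front.
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body

def der_dsa_signature(r: int, s: int) -> bytes:
    """SEQUENCE { INTEGER r, INTEGER s }."""
    content = der_integer(r) + der_integer(s)
    return b"\x30" + der_length(len(content)) + content

def padding_bytes(r: int, s: int) -> int:
    """Number of the two integers that need the extra 0x00 byte."""
    return sum(1 for v in (r, s) if v > 0 and v.bit_length() % 8 == 0)

# Constructed sample values for a 160-bit DSA subgroup (not real signatures).
LOW = int("7f" + "11" * 19, 16)    # top bit clear: 20 content bytes
HIGH = int("80" + "11" * 19, 16)   # top bit set: 20 bytes + 1 padding byte
SHORT = int("7f" + "11" * 18, 16)  # first byte happened to be 00: 19 bytes

if __name__ == "__main__":
    for name, (r, s) in {"low/low": (LOW, LOW), "low/high": (LOW, HIGH),
                         "high/high": (HIGH, HIGH),
                         "short/low": (SHORT, LOW)}.items():
        sig = der_dsa_signature(r, s)
        print(f"{name:10s} padding={padding_bytes(r, s)} length={len(sig)}")
```
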