DER encoding

DER (Distinguished Encoding Rules) is a binary encoding of ASN.1 (Abstract Syntax Notation One) data structures. For cryptographic signatures, it's the wire format most HSMs and crypto libraries produce: an ECDSA signature is a two-integer tuple (r, s), DER-encoded as a SEQUENCE containing two INTEGERs.

LearnCoin's signing flow receives DER-encoded signatures from GCP KMS's asymmetricSign API. The DER bytes start with 0x30 (SEQUENCE tag), carry a total length, then two 0x02-tagged INTEGERs. Our kms-signer parses the DER to extract (r, s) as bigints, normalizes s to the lower curve order (EIP-2 low-S rule), and reassembles as the (r, s, yParity) format Ethereum expects for transaction signatures.

The mechanical conversion from DER to Ethereum-format is annoying but standard. Every Ethereum-compatible HSM integration goes through it.