diff --git a/lib/std/crypto/ecdsa.zig b/lib/std/crypto/ecdsa.zig
index 4935278da5..130c47d10d 100644
--- a/lib/std/crypto/ecdsa.zig
+++ b/lib/std/crypto/ecdsa.zig
@@ -135,20 +135,22 @@ pub fn Ecdsa(comptime Curve: type, comptime Hash: type) type {
             /// The function returns a slice, that can be shorter than der_encoded_length_max.
             pub fn toDer(sig: Signature, buf: *[der_encoded_length_max]u8) []u8 {
                 var w: std.Io.Writer = .fixed(buf);
-                const r_len = @as(u8, @intCast(sig.r.len + (sig.r[0] >> 7)));
-                const s_len = @as(u8, @intCast(sig.s.len + (sig.s[0] >> 7)));
+                const sig_r = mem.trimLeft(u8, &sig.r, &.{0});
+                const sig_s = mem.trimLeft(u8, &sig.s, &.{0});
+                const r_len = @as(u8, @intCast(sig_r.len + (sig_r[0] >> 7)));
+                const s_len = @as(u8, @intCast(sig_s.len + (sig_s[0] >> 7)));
                 const seq_len = @as(u8, @intCast(2 + r_len + 2 + s_len));
                 w.writeAll(&[_]u8{ 0x30, seq_len }) catch unreachable;
                 w.writeAll(&[_]u8{ 0x02, r_len }) catch unreachable;
-                if (sig.r[0] >> 7 != 0) {
+                if (sig_r[0] >> 7 != 0) {
                     w.writeByte(0x00) catch unreachable;
                 }
-                w.writeAll(&sig.r) catch unreachable;
+                w.writeAll(sig_r) catch unreachable;
                 w.writeAll(&[_]u8{ 0x02, s_len }) catch unreachable;
-                if (sig.s[0] >> 7 != 0) {
+                if (sig_s[0] >> 7 != 0) {
                     w.writeByte(0x00) catch unreachable;
                 }
-                w.writeAll(&sig.s) catch unreachable;
+                w.writeAll(sig_s) catch unreachable;
                 return w.buffered();
             }