In short the answer is this:
InScript length : VarInt (1-9 bytes)
PushData operation of R/S/Hash_all/DER bytes : OP_PUSH (1-9 bytes)
DER sequence type byte : 0x30
DER sequence length : 0x44-0x46
DER integer type : 0x02
DER integer length : 0x20-0x21
32 R bytes, left padded with 0x00 IF leftmost byte >= 0x80 - hence varying lengths above.
DER integer type : 0x02
DER integer length : 0x20-0x21
32 S bytes, left padded with 0x00 IF leftmost byte >= 0x80 - hence varying lengths above.
Sighash_All type byte : 0x01
PushData operation of publickey bytes : OP_PUSH (1-9 bytes)
PubKey version/type byte : 0x04
Public key in 64 bytes of data - X and Y 32 bytes each
Answer taken from here:
https://bitcointalk.org/index.php?topic=653313.0
After looking at it becomes pretty obvious that DER was a mistake on Satoshis part and something provided to him by OpenSSL.
I mean why encode unsigned integers as signed - then pad them to make them unsigned again.
Why these sequence and length definitions when we already know the length from the push byte op - why DER encode at all when its ALWAYS 32 bytes R followed by 32 bytes S?
Clearly its pretty silly.
More about OP_Push: http://bitcoin.stackexchange.com/questions/29591/i-cannot-see-the-expected-op-code-in-transactions
More about VarInt: https://en.bitcoin.it/wiki/Protocol_specification#Variable_length_integer
I think Satoshi used this DER-encoding just to pass the value to standard ECDSA_* methods from openSSL without any additional actions. And this allow changing (hard-fork) algorithm in future: we still have 255 prefixes (0x30 is in use for current). – amaclin – 2014-12-14T06:05:43.717