[botan-devel] import openssl pkcs8 ecdsa key with Botan 1.10.1

ToBeKi at gmx.de ToBeKi at gmx.de
Tue Jul 10 09:39:50 EDT 2012


Ok, for testing I changed this as you have already mentioned:

BER_Decoder(key_bits)
      .start_cons(SEQUENCE)
         .decode_and_check<size_t>(1, "Unknown version code for ECC key")
         .decode_octet_string_bigint(private_key);
         /*.verify_end()*/
         /*.end_cons();*/

Now the key import and creating the ECDSA signer object are working.
But creating the public key point with OS2ECP for the ECDSA verifier now fails with an Illegal_Point exception in point_gfp.cpp.
It seems it is a consequence of leaving out the optional curve parameters when creating the private key?

-------------------

// load key file
AutoSeeded_RNG rng;
DataSource_Stream prvKeySource(cszKeyFile);      
std::auto_ptr<PKCS8_PrivateKey> apEcPrivateKey(PKCS8::load_key(prvKeySource, rng, cszCredential));

// create ECDSA private key      
std::auto_ptr<ECDSA_PrivateKey> apEcdsaPrivateKey;
apEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcPrivateKey.release()));       
m_spEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcdsaPrivateKey.release()));

// create ECDSA signer
m_spSigner.reset(new PK_Signer(*m_spEcdsaPrivateKey, "EMSA1(SHA-160)", Botan::IEEE_1363));

const PointGFp pointGfp = m_spEcdsaPrivateKey->public_point();   
SecureVector<Botan::byte> svPublicKey = EC2OSP(pointGfp, Botan::PointGFp::UNCOMPRESSED);

// create ECDSA verifier
boost::shared_ptr<EC_Domain_Params> spDomainParams;      
spDomainParams.reset(new EC_Domain_Params(OID("1.2.840.10045.3.1.1")));
const PointGFp pointGFp = OS2ECP(svPublicKey, svPublicKey.size(), spDomainParams->get_curve());
...

--------------------

ECDSA sign context
------------------
spSignContext->SetSignatureEncoding(static_cast<CString>(ISignatureContext::GetEmsa1Sha160()));
spSignContext->SetSignatureFormat(ISignatureContext::TSignatureFormatTypeEnum::Ieee1363);
spSignContext->SetDomainParameters("1.2.840.10045.3.1.1");
spSignContext->SetPublicKeyCompressionType(IEcdsaSignatureContext::TCompressionTypeEnum::Uncompressed);

ECDSA verify context
--------------------
spVerifyContext->SetSignatureEncoding(ISignatureContext::GetEmsa1Sha160());
spVerifyContext->SetSignatureFormat(ISignatureContext::TSignatureFormatTypeEnum::Ieee1363);
spVerifyContext->SetDomainParameters("1.2.840.10045.3.1.1");
spVerifyContext->SetPublicKey(m_cszPublicKey);

Call to OS2ECP failed in point_gfp.cpp
--------------------------------------

if(!result.on_the_curve())
      throw Illegal_Point("OS2ECP: Decoded point was not on the curve");


-------- Original Message --------
> Date: Mon, 9 Jul 2012 15:25:49 -0400
> From: Jack Lloyd <lloyd at randombit.net>
> To: Botan development list <botan-devel at randombit.net>
> Subject: Re: [botan-devel] import openssl pkcs8 ecdsa key with Botan 1.10.1

> On Mon, Jul 09, 2012 at 09:08:41PM +0200, tobeki at gmx.de wrote:
> > Thanks Jack,
> > 
> > >However that is not the case for the 5915 extensions,
> > >they are for data we already have or can easily rederive, so they can
> > >be safely ignored.
> > 
> > parameters [0] ECParameters {{ NamedCurve }} OPTIONAL
> > publicKey  [1] BIT STRING OPTIONAL
> > 
> > so these optional parameters in 5915 are just needed for performance reasons?
> 
> The publicKey is purely an optimization which is useful in cases where
> only the private key is conveyed but the public key is also needed.
> In cases where it is not there and one needs the public key as well a
> point multiplication is required to rederive it.
> 
> Having the ECParameters available would be potentially useful in some
> cases, for instance if someone was literally passing around an
> ECPrivateKey. It is certainly important to know the precise curve that
> the private key is associated with and not use it with multiple
> curves, in which case having the curve included would be important.
> However ordinarily a ECPrivateKey would not be passed around as is but
> be packed into a PKCS #8 structure (or PKCS #12 or something). And at
> least for PKCS #8 the parameters are already available at an outer
> layer of the encoding, so including the parameters again would be
> redundant (which is probably why OpenSSL includes the public key,
> which is a SHOULD include per RFC 5915, but not the parameter set,
> which is a MUST include).
> 
> -Jack
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
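
Added example, not part of the original messages and not Botan code: a self-contained C++ parser for the RFC 5915 ECPrivateKey structure discussed above. It accepts the optional [0] parameters and [1] publicKey fields while still rejecting any other data in the SEQUENCE, instead of dropping the end-of-structure checks. All type and function names and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
using Bytes = std::vector<uint8_t>;
// RFC 5915 ECPrivateKey; an empty vector means the optional field was absent.
struct EcPrivateKey { Bytes private_key, parameters /* [0] */, public_key /* [1] */; };
struct Tlv { uint8_t tag; Bytes value; };

// Read one definite-length DER TLV starting at pos and advance pos past it.
static Tlv read_tlv(const Bytes& in, size_t& pos) {
    if (pos + 2 > in.size()) throw std::runtime_error("truncated TLV header");
    const uint8_t tag = in[pos++];
    size_t len = in[pos++];
    if (len & 0x80) {  // long form: low 7 bits count the length bytes that follow
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || n > in.size() - pos) throw std::runtime_error("bad length");
        for (len = 0; n > 0; --n) len = (len << 8) | in[pos++];
    }
    if (len > in.size() - pos) throw std::runtime_error("truncated TLV value");
    pos += len;
    return Tlv{tag, Bytes(in.begin() + (pos - len), in.begin() + pos)};
}

// Accept optional [0] and [1] once each, in order; reject anything else in the SEQUENCE.
EcPrivateKey parse_ec_private_key(const Bytes& der) {
    size_t pos = 0, p = 0;
    const Tlv seq = read_tlv(der, pos);
    if (seq.tag != 0x30 || pos != der.size()) throw std::runtime_error("expected one SEQUENCE");
    const Tlv ver = read_tlv(seq.value, p);
    if (ver.tag != 0x02 || ver.value != Bytes{1}) throw std::runtime_error("unknown version");
    const Tlv priv = read_tlv(seq.value, p);
    if (priv.tag != 0x04) throw std::runtime_error("expected OCTET STRING privateKey");
    EcPrivateKey key{priv.value, {}, {}};
    for (uint8_t last = 0; p < seq.value.size();) {
        const Tlv opt = read_tlv(seq.value, p);
        if ((opt.tag != 0xA0 && opt.tag != 0xA1) || opt.tag <= last) throw std::runtime_error("unexpected field");
        last = opt.tag;
        (opt.tag == 0xA0 ? key.parameters : key.public_key) = opt.value;
    }
    return key;
}

// Constructed sample (not a real key): version 1, 4-byte privateKey, [1] publicKey, no [0].
const Bytes kSample = {0x30, 0x11, 0x02, 0x01, 0x01, 0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
                       0xA1, 0x06, 0x03, 0x04, 0x00, 0x04, 0xAA, 0xBB};
bool is_valid_ec_private_key(const Bytes& der) {
    try { parse_ec_private_key(der); return true; } catch (const std::runtime_error&) { return false; }
}
int main() { return is_valid_ec_private_key(kSample) ? 0 : 1; }
```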
