[botan-devel] import openssl pkcs8 ecdsa key with Botan 1.10.1

Jack Lloyd lloyd at randombit.net
Tue Jul 10 15:30:51 EDT 2012


I would need to see more about what is going on, or ideally a self
contained test case. I do note however that 1.2.840.10045.3.1.1 is
secp192r1, while the key you sent previously used secp256r1, and if
the curve doesn't match that would certainly be a problem.

Instead of creating the curve from the OID you could use

const CurveGFp& curve = some_ecc_key_object().domain().get_curve();

thus helping ensure you didn't use inconsistent curves.

-Jack

On Tue, Jul 10, 2012 at 03:39:50PM +0200, ToBeKi at gmx.de wrote:
> Ok, for testing I changed this as you have already mentioned:
> 
> BER_Decoder(key_bits)
>       .start_cons(SEQUENCE)
>          .decode_and_check<size_t>(1, "Unknown version code for ECC key")
>          .decode_octet_string_bigint(private_key);
>          /*.verify_end()*/
>          /*.end_cons();*/
> 
> Now the key import and creating the ECDSA signer object are working.
> But creating the public key point with OS2ECP for the ECDSA verifier does now fail with Illegal_Point Exception in point_gfp.cpp
> It seems it is a consequence of leaving away the optional curve parameters by creating the private key?
> 
> -------------------
> 
> // load key file
> AutoSeeded_RNG rng;
> DataSource_Stream prvKeySource(cszKeyFile);      
> std::auto_ptr<PKCS8_PrivateKey> apEcPrivateKey(PKCS8::load_key(prvKeySource, rng, cszCredential));
> 
> // create ECDSA private key      
> std::auto_ptr<ECDSA_PrivateKey> apEcdsaPrivateKey;
> apEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcPrivateKey.release()));       
> m_spEcdsaPrivateKey.reset(dynamic_cast<ECDSA_PrivateKey*>(apEcdsaPrivateKey.release()));
> 
> // create ECDSA signer
> m_spSigner.reset(new PK_Signer(*m_spEcdsaPrivateKey, "EMSA1(SHA-160)", Botan::IEEE_1363));
> 
> const PointGFp pointGfp = m_spEcdsaPrivateKey->public_point();   
> SecureVector<Botan::byte> svPublicKey = EC2OSP(pointGfp, Botan::PointGFp::UNCOMPRESSED);
> 
> // create ECDSA verifier
> boost::shared_ptr<EC_Domain_Params> spDomainParams;      
> spDomainParams.reset(new EC_Domain_Params(OID("1.2.840.10045.3.1.1")));
> const PointGFp pointGFp = OS2ECP(svPublicKey, svPublicKey.size(), spDomainParams->get_curve());
> ...
> 
> --------------------
> 
> ECDSA sign context
> ------------------
> spSignContext->SetSignatureEncoding(static_cast<CString>(ISignatureContext::GetEmsa1Sha160()));
> spSignContext->SetSignatureFormat(ISignatureContext::TSignatureFormatTypeEnum::Ieee1363);
> spSignContext->SetDomainParameters("1.2.840.10045.3.1.1");
> spSignContext->SetPublicKeyCompressionType(IEcdsaSignatureContext::TCompressionTypeEnum::Uncompressed);
> 
> ECDSA verify context
> --------------------
> spVerifyContext->SetSignatureEncoding(ISignatureContext::GetEmsa1Sha160());
> spVerifyContext->SetSignatureFormat(ISignatureContext::TSignatureFormatTypeEnum::Ieee1363);
> spVerifyContext->SetDomainParameters("1.2.840.10045.3.1.1");
> spVerifyContext->SetPublicKey(m_cszPublicKey);
> 
> Call to OS2ECP failed in point_gfp.cpp
> --------------------------------------
> 
> if(!result.on_the_curve())
>       throw Illegal_Point("OS2ECP: Decoded point was not on the curve");
> 
> 
> -------- Original Message --------
> > Date: Mon, 9 Jul 2012 15:25:49 -0400
> > From: Jack Lloyd <lloyd at randombit.net>
> > To: Botan development list <botan-devel at randombit.net>
> > Subject: Re: [botan-devel] import openssl pkcs8 ecdsa key with Botan 1.10.1
> 
> > On Mon, Jul 09, 2012 at 09:08:41PM +0200, tobeki at gmx.de wrote:
> > > Thanks Jack,
> > > 
> > > >However that is not the case for the 5915 extensions,
> > > >they are for data we already have or can easily rederive, so they can
> > > >be safely ignored.
> > > 
> > > parameters [0] ECParameters {{ NamedCurve }} OPTIONAL
> > > publicKey  [1] BIT STRING OPTIONAL
> > > 
> > > so these optional parameters in 5915 are just needed for performance
> > > reasons?
> > 
> > The publicKey is purely an optimization which is useful in cases where
> > only the private key is conveyed but the public key is also needed.
> > In cases where it is not there and one needs the public key as well a
> > point multiplication is required to rederive it.
> > 
> > Having the ECParameters available would be potentially useful in some
> > cases, for instance if someone was literally passing around an
> > ECPrivateKey. It is certainly important to know the precise curve that
> > the private key is associated with and not use it with multiple
> > curves, in which case having the curve included would be important.
> > However ordinarily a ECPrivateKey would not be passed around as is but
> > be packed into a PKCS #8 structure (or PKCS #12 or something). And at
> > least for PKCS #8 the parameters are already available at an outer
> > layer of the encoding, so including the parameters again would be
> > redundant (which is probably why OpenSSL includes the public key,
> > which is a SHOULD include per RFC 5915, but not the parameter set,
> > which is a MUST include).
> > 
> > -Jack
> > _______________________________________________
> > botan-devel mailing list
> > botan-devel at randombit.net
> > http://lists.randombit.net/mailman/listinfo/botan-devel
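
The failure discussed in this thread, reproduced as an added example (not code from the thread or from Botan): a public point rederived on secp256r1 and encoded uncompressed decodes on secp256r1 but is rejected when decoded against secp192r1 (1.2.840.10045.3.1.1). The scalar D and all function names are constructed for illustration, and the arithmetic is plain affine math, not constant time.

```python
# Added example (not Botan's code): simplified EC2OSP/OS2ECP model.
from collections import namedtuple

Curve = namedtuple("Curve", "name p a b gx gy")
P192 = Curve("secp192r1", 2**192 - 2**64 - 1, -3,
             0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1,
             0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
             0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
P256 = Curve("secp256r1", 2**256 - 2**224 + 2**192 + 2**96 - 1, -3,
             0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
             0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
             0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(c, x, y):  # y^2 = x^3 + a*x + b (mod p)
    return (y * y - (x * x * x + c.a * x + c.b)) % c.p == 0

def add(c, P, Q):  # affine addition; None is the point at infinity
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None
    num, den = (3 * x1 * x1 + c.a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    lam = num * pow(den % c.p, -1, c.p) % c.p
    x3 = (lam * lam - x1 - x2) % c.p
    return x3, (lam * (x1 - x3) - y1) % c.p

def public_point(c, d):  # rederive d*G by double-and-add (not constant time)
    result, addend = None, (c.gx, c.gy)
    while d:
        if d & 1:
            result = add(c, result, addend)
        addend, d = add(c, addend, addend), d >> 1
    return result

def ec2osp(c, P):  # uncompressed encoding: 0x04 || X || Y, field-sized
    n = (c.p.bit_length() + 7) // 8
    return b"\x04" + P[0].to_bytes(n, "big") + P[1].to_bytes(n, "big")

def os2ecp(c, data):  # decode, then reject points that are off curve c
    if len(data) % 2 == 0 or data[0] != 4:
        raise ValueError("OS2ECP: unsupported point encoding")
    half = (len(data) - 1) // 2
    x, y = (int.from_bytes(b, "big") for b in (data[1:1 + half], data[1 + half:]))
    if not on_curve(c, x, y):
        raise ValueError("OS2ECP: Decoded point was not on the curve")
    return x, y

D = 0x1F2E3D4C5B6A79880123456789ABCDEF  # constructed scalar, not a real key
ENCODED = ec2osp(P256, public_point(P256, D))
```

Calling `os2ecp(P256, ENCODED)` returns the point, while `os2ecp(P192, ENCODED)` raises the same "not on the curve" error quoted from point_gfp.cpp.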


