> From: owner-openssl-...@openssl.org On Behalf Of redpath
> Sent: Saturday, 01 September, 2012 12:53

> Currently I am reading a PEM file which contains a test RSA key
<snip>
> and create a SHA1 message digest
> 
>   unsigned char *result=SHA1((unsigned char *)sample, strlen(sample), md);
> 
Aside: that only works for data that is a null-terminated C string.
Most modern crypto schemes work on any data.

> and sign it
> 
>   int rc= RSA_sign(NID_sha1, md, 20, sigret, &siglen, rsapriv);
> 
Also most modern schemes don't sign just the raw hash of the data, 
but some metadata as well. Your scheme probably won't interoperate 
with nearly anything else.
> 
> Now I have explored also the use of the Elliptical Curve from the SHA1
> but and there is always a but, the only example I could figure out is
> using the key generation function
> 
> EC_KEY_generate_key(eckey);  <====
> 
> I need to use my  private and public key from the RSA PEM file?
> Not sure how exactly to do this.
> 
No. An RSA key is used for RSA, an EC key is used for EC algorithms
(ECDSA and ECDH). This is completely orthogonal to the hash -- you can 
use ECDSA with SHA1, with SHA256 etc (SHA2), with SHA3 when it comes out, 
with RIPEMD, even with MD5 (although that would probably weaken security 
as there are no EC standard curves with equivalent bit strength that low).

Although you can generate an EC key ad-hoc, you then face the problem 
of how to distribute it securely to the people who will verify signatures 
that use that key -- if those people are different from yourself.
Most applications of ECDSA and DSA, and RSA-signing, use a more-or-less 
long-term key (anywhere from a month to several years). I.e. just as you 
currently pre-generate an RSA keypair and save it in a file, and read in 
the privatekey when you sign something, and distribute the publickey to 
be used in verifying, you would pre-generate an EC key to a file, read in 
the privatekey to sign, and distribute the publickey to verify.

> The private would be used for the 
>     ECDSA_do_sign(md, 20, eckey);
> 
> The public later is used for verify
>     ECDSA_do_verify(md, 20, sig, eckey);
> 
Private and public EC keys, with no connection to any RSA key.

> 
> The RSA structure consists of several BIGNUM components. It 
> can contain
> public as well as private RSA keys:
<snip>

Note this is the RSA structure in OpenSSL, which OpenSSL 
chose for its convenience. Many other systems have separate 
privatekey and publickey structures. Similarly OpenSSL uses 
a single EC_KEY structure for both privatekey and publickey, 
but many other systems don't.

> There are functions for ECDSA such as 
>    int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *)
> 
> and
> 
> int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *) 
>  EC_POINT_point2bn(group, point, POINT_CONVERSION_UNCOMPRESSED, ppub_a, ctx);
> 
> The POINT is used for the public key of EC_KEY no real 
> document of how this
> is used.
> 
The mathematics of EC are too complex for a response like this, 
but in outline ECDSA and ECDH use the same logic as DSA and DH 
but instead of the "sequence" of integers y = g^x mod p for a 
large prime p and a generator (number) g, EC uses the "sequence" 
of points on an elliptic curve, usually defined by reference 
to one of about 20 standardized curves like "nist256p1" and 
"sect283r1". Within such a curve/group, an EC privatekey is 
a random integer up to the size (order) of the curve d, 
and the corresponding publickey is a point computed as dG.

In both DSA and ECDSA, the privatekey is effectively mixed 
with a nonce and message data (as noted above, usually hash 
of data plus metadata) to produce a result that can be verified, 
but not forged, using the publickey. For details see FIPS 186-3, 
or Wikipedia or something similar.

> So simply I have a PEM which gives me a RSA* and want to use 
> the public and
> privates keys
> for the ECDSA.
> 
> How?
> 
No how, no way, not ever. You need an EC key to do ECDSA.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
