Hello,
> I am using openssl-0.9.8e. Can someone help me with making use of
> ECDSA with 224bit public and private keys?
You may try something like this:
1) Generate and display EC private/public key:
# openssl ecparam -genkey -name secp224r1 -out ec-key.pem
# openssl ec -in ec-key.pem -text -noout
read EC key
Private-Key: (224 bit)
priv:
47:ed:fe:43:2b:1a:7f:27:ed:e3:99:0a:5b:af:e7:
33:03:cc:5a:2f:da:b9:a3:06:e8:3f:d6:7d
pub:
04:ca:77:df:dc:af:86:a7:e0:a0:4f:c2:29:5d:fc:
be:0b:75:60:ca:7c:a2:f8:bf:0d:4e:53:f2:cf:1e:
5a:98:02:a7:72:e0:3e:34:9c:04:fe:fa:1c:f4:1a:
c9:26:1b:0a:8f:5d:a2:fb:73:32:0c:a4
ASN1 OID: secp224r1
2) Separate public key from private key
# openssl ec -in ec-key.pem -text -pubout -out ec-key-pub.pem
read EC key
writing EC key
# openssl ec -in ec-key-pub.pem -text -pubin -noout
read EC key
pub:
04:ca:77:df:dc:af:86:a7:e0:a0:4f:c2:29:5d:fc:
be:0b:75:60:ca:7c:a2:f8:bf:0d:4e:53:f2:cf:1e:
5a:98:02:a7:72:e0:3e:34:9c:04:fe:fa:1c:f4:1a:
c9:26:1b:0a:8f:5d:a2:fb:73:32:0c:a4
ASN1 OID: secp224r1
3) Create test file:
# echo test test test > file.txt
4) Sign test file with EC private key:
# openssl dgst -sign ec-key.pem \
-ecdsa-with-SHA1 < file.txt > file.sig
5) An ECDSA signature is an ASN.1 sequence of two integers (r,s); check this:
# openssl asn1parse -in file.sig -inform der
0:d=0 hl=2 l= 60 cons: SEQUENCE
2:d=1 hl=2 l= 28 prim: INTEGER :5B3E9C6F568B343C32ED2...
32:d=1 hl=2 l= 28 prim: INTEGER :2F1623E54D193AF7D0984...
6) Verify file signature with EC public key:
# openssl dgst -verify ec-key-pub.pem \
-ecdsa-with-SHA1 -signature file.sig < file.txt
Verified OK
The DSA signature is different for every sign operation
because of the randomly generated parameter k for every sign.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
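
The structure shown in step 5, as an added example that is not part of the original post: a strict Python parser for the DER-encoded (r,s) pair that also enforces 1 <= r, s < n for secp224r1. The function names and the r and s sample values are constructed for illustration; the encoder exists only to build those samples.

```python
# Added example, not from the original post. Sample r/s values are constructed.
P224_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D  # secp224r1 group order

def _tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    length = buf[pos + 1]
    if length >= 0x80:  # long form is never needed for a 224-bit curve (max 64 bytes)
        raise ValueError("unexpected long-form length")
    pos += 2
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def _der_int(body):
    """Decode a DER INTEGER body, rejecting negative and zero-padded encodings."""
    if not body or body[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big")

def parse_ecdsa_sig(der, order=P224_N):
    """Return (r, s) from a DER ECDSA signature, enforcing 1 <= r, s < order."""
    seq, end = _tlv(der, 0, 0x30)           # outer SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    r_body, pos = _tlv(seq, 0, 0x02)        # INTEGER r
    s_body, pos = _tlv(seq, pos, 0x02)      # INTEGER s
    if pos != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    r, s = _der_int(r_body), _der_int(s_body)
    if not (0 < r < order and 0 < s < order):
        raise ValueError("r or s out of range")
    return r, s

def encode_ecdsa_sig(r, s):
    """Minimal DER encoder (short-form lengths only) to build the samples."""
    def integer(v):
        body = v.to_bytes(v.bit_length() // 8 + 1, "big")  # 0x00 prefix if top bit set
        return b"\x02" + bytes([len(body)]) + body
    seq = integer(r) + integer(s)
    return b"\x30" + bytes([len(seq)]) + seq

# Constructed sample values (not real signature components)
R_SAMPLE = int("41" * 28, 16)   # top bit clear: 28-byte INTEGER, as in step 5
S_LOW = int("2b" * 28, 16)      # top bit clear: 28-byte INTEGER
S_HIGH = int("c3" * 28, 16)     # top bit set: DER adds 0x00, giving 29 bytes
```

A signature file such as file.sig can be checked with parse_ecdsa_sig(open("file.sig", "rb").read()); the leading 0x00 that DER adds when the top bit of r or s is set is why the file length varies between signatures.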