Re: ECDSA public key token to/from binary

Tue, 19 Jul 2011 04:58:50 -0700 

[email protected] wrote on 07/18/2011 09:49:33 AM:

> From: Billy Brumley <[email protected]>
> To: [email protected]
> Date: 07/18/2011 10:00 AM
> Subject: Re: ECDSA public key token to/from binary
> Sent by: [email protected]
> 
> Dear Ken,
> 
> One way to accomplish this is something along the lines of
> 
> EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
> 
> where EC_KEY is the key structure, returning the point as an EC_POINT
> structure, followed by
> 
> int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const
> EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *);
> 
> where EC_GROUP is setup for P-521 (have a look at
> EC_GROUP_new_by_curve_name), EC_POINT is the public key from the
> previous call; it dumps the coordinates to x and y, where you can use
> BN_bn2bin or whatever you like. You'd reverse it with

Thanks for the response.  Are X and Y the public key?

I tried this and it seems to work.  Error checking omitted for
easier reading.  Comments?

Getting the public key:

        group = EC_KEY_get0_group(eckey);
        ec_point = EC_KEY_get0_public_key(eckey);
        *publicKeyLength = EC_POINT_point2oct(group,
                                              ec_point,
 POINT_CONVERSION_UNCOMPRESSED,
                                              *publicKey,
                                              *publicKeyLength,
                                              NULL);
Setting the public key:

        *ecPubKey = EC_KEY_new();
        group = EC_GROUP_new_by_curve_name(nid);
        ec_point = EC_POINT_new(group);
        EC_KEY_set_group(*ecPubKey, group);
        EC_POINT_oct2point(group,
                                 ec_point,
                                 publicKey,
                                 publicKeyLength,
                                 NULL);
        EC_KEY_set_public_key(*ecPubKey, ec_point);

> int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
> const BIGNUM *x, const BIGNUM *y, BN_CTX *);
> 
> followed by
> 
> int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
> 
> While this is the manual way to do it that you've asked for, there are
> a few caveats that can affect security so if possible I'd consider
> standard (ANSI? P1363?) methods like EC_POINT_point2bn and so on.
> Those also easily allow point compression if that's needed. In
> general, poke around in include/openssl/ec.h and there is lots of
> useful functionality, although not as much documentation.

I've been doing that poking.

Reply via email to